Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Windows XP Recovery and TDSS


  • This topic is locked This topic is locked
36 replies to this topic

#1 danmastaflex

danmastaflex

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 17 June 2011 - 04:18 PM

I booted up my computer for the first time in about 3 weeks to find the Windows XP recovery plastered all over my screen and after doing some quick research on an alternate device discovered it was bogus. Tried following the directions on your guide to remove Windows XP recovery and then read a bit closer and discovered that I likely had a TDSS infection as well. I had a difficult time getting the logs from DDS and GMER because anything I saved to the desktop disappeared due to the infections. I finally managed to unhide a folder where I could save the logs and run GMER from. I also at one point tried to get Malwarebytes to update but it would download the update repeatedly and then fail to finalize or install it.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by HP_Administrator at 20:33:49 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.411 [GMT -4:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\MEXFxpGUVShIHWB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\All Users\Application Data\13623076.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\HP\KBD\KBD.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://search.live.com/sphome.aspx
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Google Update] "c:\documents and settings\hp_administrator.your-4dacd0ea75\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MEXFxpGUVShIHWB] c:\documents and settings\all users\application data\MEXFxpGUVShIHWB.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{3BC2BF91-92DA-4871-9756-5DCA970BA4EB} : DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\mozilla\firefox\profiles\rhaxv2sx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\hp_administrator.your-4dacd0ea75\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2010-3-22 20608]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
.
=============== Created Last 30 ================
.
2011-06-16 10:24:56 344576 ---h--w- c:\documents and settings\all users\application data\13623076.exe
2011-05-20 13:11:19 422400 ---ha-w- c:\documents and settings\all users\application data\MEXFxpGUVShIHWB.exe
2011-05-19 22:55:56 -------- d--h--w- c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\Malwarebytes
2011-05-19 22:55:50 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 20:56:55 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-05-19 20:56:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
.
==================== Find3M ====================
.
.
============= FINISH: 20:34:12.50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 22 June 2011 - 08:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 22 June 2011 - 05:06 PM

Hi Gringo,

Thanks for your help with fixing my computer. I apologize if I take a long time to reply as my work hours will often have me at work late and on weekends.

I was able to run the Unhide feature and OTL feature without any issues. Here is the contents of the OTL.txt log. I apologize if you had wanted it attached instead of just the text.

OTL logfile created on: 6/22/2011 5:48:46 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 404.05 Mb Available Physical Memory | 42.16% Memory free
2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 38.34 Gb Free Space | 21.61% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.57 Gb Free Space | 6.46% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\13623076.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\MEXFxpGUVShIHWB.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\system32\attrib.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-156950355-920750155-674074537-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2011/05/19 17:09:09 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/05/19 17:09:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/05/19 17:09:09 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/05/19 17:09:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.6.2\extensions\\Components: C:\Program Files\Flock\components [2011/05/19 17:09:09 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.6.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/05/19 17:09:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 16:40:35 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 16:40:33 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/24 16:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/04/20 03:02:02 | 000,000,000 | -H-D | M]

[2010/03/25 17:18:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/03/25 17:18:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/03/22 21:27:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\rhaxv2sx.default\extensions
[2011/05/11 16:40:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/03/31 20:41:05 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/08/16 17:42:02 | 000,070,456 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/06/18 02:43:04 | 000,086,016 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/08/16 17:44:46 | 000,427,312 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2006/01/18 13:50:00 | 000,319,488 | -H-- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 000,180,293 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/08/16 17:42:04 | 000,023,864 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/01 04:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-156950355-920750155-674074537-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-156950355-920750155-674074537-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-156950355-920750155-674074537-1007..\Run: [MEXFxpGUVShIHWB] C:\Documents and Settings\All Users\Application Data\MEXFxpGUVShIHWB.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (Memeo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-156950355-920750155-674074537-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-156950355-920750155-674074537-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-156950355-920750155-674074537-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/31 19:30:27 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6868c61d-3870-11df-b8b7-00027257972a}\Shell\access\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe
O33 - MountPoints2\{6868c61d-3870-11df-b8b7-00027257972a}\Shell\AutoRun\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe /minimize
O33 - MountPoints2\{70f64e10-40e6-11df-b8ba-00027257972a}\Shell\AutoRun\command - "" = "L:\Install FreeAgent Tools.exe" /run
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 17:55:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Recent
[2011/06/22 17:47:21 | 000,579,072 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2011/06/16 20:41:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\gmer
[2011/06/16 20:06:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Administrative Tools
[2011/06/16 20:06:43 | 000,607,310 | RH-- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr
[2011/06/16 06:30:01 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\mbam-setup.exe
[2011/06/16 06:24:56 | 000,344,576 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\13623076.exe
[2011/06/16 00:33:40 | 001,437,488 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\six.com.exe
[2011/06/16 00:19:50 | 001,437,488 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\five.com.exe
[2011/06/16 00:12:23 | 001,437,488 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\shfiftyfive.com.exe
[2011/06/15 23:11:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Windows XP Recovery
[2011/05/20 09:11:19 | 000,422,400 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\MEXFxpGUVShIHWB.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 17:47:22 | 000,579,072 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2011/06/22 17:43:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 17:43:13 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 17:41:05 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/22 17:16:02 | 000,001,054 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-156950355-920750155-674074537-1007UA.job
[2011/06/22 17:08:21 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 19:09:00 | 000,000,338 | -H-- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011/06/17 17:09:00 | 000,000,342 | -H-- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7700#MY38B131BQK5.job
[2011/06/16 23:16:00 | 000,001,002 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-156950355-920750155-674074537-1007Core.job
[2011/06/16 21:15:03 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/16 20:40:53 | 000,293,977 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\gmer.zip
[2011/06/16 20:14:51 | 000,293,977 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2011/06/16 20:06:45 | 000,607,310 | RH-- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr
[2011/06/16 06:30:08 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\mbam-setup.exe
[2011/06/16 06:24:56 | 000,344,576 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\13623076.exe
[2011/06/16 00:38:43 | 001,437,488 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\six.com.exe
[2011/06/16 00:35:02 | 001,007,120 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\iExplore.exe
[2011/06/16 00:19:55 | 001,437,488 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\five.com.exe
[2011/06/16 00:12:28 | 001,437,488 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\shfiftyfive.com.exe
[2011/06/15 23:51:35 | 000,276,202 | -H-- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/15 23:24:15 | 000,002,492 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Google Chrome.lnk
[2011/06/15 23:11:29 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~13623076r
[2011/06/15 23:11:29 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~13623076
[2011/06/15 23:11:23 | 000,000,810 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Windows XP Recovery.lnk
[2011/06/15 23:10:41 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\13623076
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 20:40:50 | 000,293,977 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\gmer.zip
[2011/06/16 20:14:49 | 000,293,977 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2011/06/15 23:42:56 | 001,007,120 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\iExplore.exe
[2011/06/15 23:11:29 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~13623076r
[2011/06/15 23:11:29 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~13623076
[2011/06/15 23:11:23 | 000,000,810 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Windows XP Recovery.lnk
[2011/06/15 23:10:41 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\13623076
[2010/10/31 15:55:01 | 000,006,144 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 09:57:44 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2010/04/11 19:15:58 | 000,170,260 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/04 22:35:04 | 002,183,470 | -H-- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/22 23:52:03 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2010/03/22 23:52:02 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/03/22 23:52:01 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2010/03/22 23:36:12 | 000,000,155 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2010/03/04 10:56:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Vjanuxafujahozaz.bin
[2010/03/04 10:56:44 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Qnabutaz.dat
[2009/11/09 22:28:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/07/25 12:17:59 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\Pix11.dat
[2008/01/14 00:56:24 | 000,000,232 | -H-- | C] () -- C:\WINDOWS\Title.INI
[2008/01/14 00:41:00 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/10/06 14:50:14 | 000,094,215 | -H-- | C] () -- C:\WINDOWS\hpqins09.dat
[2007/08/27 11:07:18 | 000,124,340 | -H-- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2007/08/27 11:07:17 | 000,014,916 | -H-- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2007/08/27 10:38:24 | 000,124,348 | -H-- | C] () -- C:\WINDOWS\HPHins12.dat
[2007/08/27 10:38:24 | 000,014,916 | -H-- | C] () -- C:\WINDOWS\hphmdl12.dat
[2007/07/31 20:28:38 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/27 18:17:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\phbase.ini
[2007/07/27 18:17:10 | 000,001,390 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007/07/27 18:17:10 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007/07/27 18:17:08 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/07/25 13:40:29 | 000,018,270 | -H-- | C] () -- C:\WINDOWS\HPHins01.dat.temp
[2007/07/25 13:40:29 | 000,004,284 | -H-- | C] () -- C:\WINDOWS\hphmdl01.dat.temp
[2007/07/17 17:04:35 | 000,018,270 | -H-- | C] () -- C:\WINDOWS\HPHins01.dat
[2007/07/17 17:04:35 | 000,004,284 | -H-- | C] () -- C:\WINDOWS\hphmdl01.dat
[2007/05/01 19:10:42 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/07 13:28:55 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/10 17:58:52 | 000,002,935 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/30 16:47:48 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/31 20:09:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/31 19:42:16 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/07/31 19:35:11 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/07/31 19:34:24 | 000,014,315 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/07/31 19:34:07 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/07/31 19:30:42 | 000,000,174 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/31 19:17:46 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/31 19:17:06 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/07/31 19:17:06 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/07/31 19:11:41 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/07/31 19:10:34 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/31 19:07:14 | 000,573,440 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/31 19:07:14 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/31 19:05:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/31 18:43:58 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/07/31 18:43:58 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/07/31 18:43:36 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 00:07:46 | 000,382,022 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 00:07:46 | 000,053,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 00:05:30 | 000,649,088 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 00:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 23:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 00:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 00:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/10 00:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 00:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 00:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 00:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 00:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 00:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 00:00:00 | 000,014,336 | -H-- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/10 00:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 00:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 11:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >
[2010/03/28 20:20:36 | 000,001,497 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Calculator.lnk
[2005/08/31 00:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\desktop.ini
[2006/07/31 19:12:15 | 000,000,909 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\HP Photosmart Premier.lnk
[2007/08/25 13:10:58 | 000,001,577 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2006/07/31 19:26:33 | 000,001,130 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\MSN Encarta Standard.lnk
[2010/10/03 09:11:35 | 000,001,514 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Paint.lnk
[2006/07/31 19:17:31 | 000,000,641 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Rhapsody.lnk
[2005/08/31 00:02:10 | 000,001,607 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2006/07/31 19:34:33 | 000,001,702 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Snapfish for your photos.lnk
[2005/08/31 00:02:10 | 000,000,398 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2005/08/31 00:02:10 | 000,001,507 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2007/07/27 18:18:37 | 000,000,899 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Reader 5.0.lnk
[2010/04/06 15:38:18 | 000,000,749 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Acrobat_com.lnk
[2010/01/21 23:17:31 | 000,001,868 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop Lightroom 3 Beta.lnk
[2009/09/16 20:36:00 | 000,002,347 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 8.lnk
[2010/04/06 15:37:42 | 000,001,804 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2010/04/05 15:39:18 | 000,001,830 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2005/08/30 23:59:54 | 000,000,150 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2006/01/21 01:46:36 | 000,000,876 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\DISCover My Games™.lnk
[2006/07/31 19:25:38 | 000,001,612 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\DVD Play.lnk
[2006/07/31 19:46:00 | 000,001,908 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\eBay.lnk
[2004/07/08 13:39:58 | 000,000,151 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP Music.url
[2006/07/31 18:48:56 | 000,001,477 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Media Center.lnk
[2008/08/19 15:55:08 | 000,001,808 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft ActiveSync.lnk
[2006/07/31 19:26:25 | 000,001,015 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Money 2006.lnk
[2006/07/31 19:27:46 | 000,001,775 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2010/10/02 22:16:55 | 000,001,625 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Express 7.0.lnk
[2006/07/31 19:27:46 | 000,001,701 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2011/05/11 16:40:37 | 000,000,741 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2006/07/31 19:45:55 | 000,001,939 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2003/02/27 19:23:50 | 000,001,454 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Backup.lnk
[2007/08/26 16:47:42 | 000,000,888 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Photoshop Elements ReadMe.lnk
[2005/08/30 23:58:06 | 000,000,609 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2005/08/30 23:59:54 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2005/08/30 23:58:06 | 000,001,498 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2011/01/25 14:22:07 | 000,000,255 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2005/08/30 23:58:06 | 000,001,515 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/10/18 16:55:58 | 000,001,596 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/01/25 14:22:07 | 000,000,721 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2005/08/30 23:58:06 | 000,000,879 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2005/08/30 23:58:06 | 000,001,520 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2005/08/30 23:58:06 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2005/08/31 00:02:10 | 000,000,516 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2005/08/30 23:58:06 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2005/08/30 23:55:52 | 000,001,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2005/08/30 23:59:42 | 000,001,640 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2005/08/30 23:55:52 | 000,001,646 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2005/08/30 23:57:24 | 000,001,503 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Remote Desktop Connection.lnk
[2005/08/31 00:02:10 | 000,001,700 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2006/07/31 19:10:34 | 000,000,283 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
[2006/07/31 19:10:34 | 000,001,616 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
[2006/07/31 19:10:34 | 000,001,723 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
[2006/07/31 19:10:34 | 000,001,604 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
[2005/08/30 23:58:06 | 000,000,146 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2005/08/30 23:58:06 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2005/08/30 23:58:06 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2005/08/30 23:58:04 | 000,001,478 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center.lnk
[2006/07/31 19:17:44 | 000,000,855 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\DigitalMedia Archive.lnk
[2006/07/31 19:25:38 | 000,001,862 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\DVD Play Setting.lnk
[2005/06/21 17:10:58 | 000,000,874 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\HP Photosmart.lnk
[2006/07/31 19:29:30 | 000,001,908 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\muvee autoProducer.lnk
[2006/07/31 19:06:57 | 000,000,814 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2006/07/31 19:06:57 | 000,000,907 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2005/08/31 00:02:10 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2005/08/30 23:58:06 | 000,001,521 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2005/08/31 00:02:10 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2005/08/30 23:59:50 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2005/08/30 23:59:46 | 000,001,572 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2005/08/31 00:02:10 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2005/08/30 23:59:50 | 000,001,753 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2005/08/31 00:02:10 | 000,001,583 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.lnk
[2005/08/30 23:59:46 | 000,001,070 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2005/08/30 23:59:48 | 000,001,616 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2005/08/30 23:57:40 | 000,001,582 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2005/08/31 00:02:10 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2005/08/31 00:02:10 | 000,001,596 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2005/08/31 00:02:10 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2005/08/31 00:02:10 | 000,001,592 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2005/08/31 00:02:10 | 000,001,590 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2006/07/31 18:45:19 | 000,001,118 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2006/07/31 18:45:19 | 000,001,169 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2005/08/31 00:02:10 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2005/08/31 00:02:10 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2010/02/18 09:59:09 | 000,002,007 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\Start ArcSoft Connect.lnk
[2010/02/18 09:59:09 | 000,002,031 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\View My ArcSoft Info.lnk
[2007/07/27 18:17:42 | 000,000,868 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoBase\ReadMe.lnk
[2007/07/27 18:17:42 | 000,000,630 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoBase\Uninstall.lnk
[2007/07/27 18:17:10 | 000,000,938 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 2000\PhotoIsland Image Uploader.lnk
[2007/07/27 18:17:10 | 000,000,917 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 2000\ReadMe.lnk
[2007/07/27 18:17:10 | 000,000,644 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 2000\Uninstall.lnk
[2007/07/27 18:17:10 | 000,000,837 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 2000\Web Services.lnk
[2010/02/18 09:59:06 | 000,001,816 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Album Page.lnk
[2010/02/18 09:59:06 | 000,001,814 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Funhouse.lnk
[2010/02/18 09:59:06 | 000,001,812 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Half-Fold Greeting Card.lnk
[2010/02/18 09:59:06 | 000,001,832 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Photo Book.lnk
[2010/02/18 09:59:06 | 000,001,816 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Photo Calendar.lnk
[2010/02/18 09:59:06 | 000,001,792 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Print Creations.lnk
[2010/02/18 09:59:06 | 000,001,820 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Quarter-Fold Greeting Card.lnk
[2010/02/18 09:59:06 | 000,001,818 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Scrapbook.lnk
[2010/02/18 09:59:06 | 000,001,830 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Slimline Card.lnk
[2007/12/05 16:53:10 | 000,000,067 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations\Try Online.url
[2010/02/15 02:36:27 | 000,001,546 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\AVG Free Tray Icon.lnk
[2010/02/15 02:36:27 | 000,001,530 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\AVG Free User Interface.lnk
[2010/02/15 02:36:27 | 000,001,552 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\Uninstall AVG Free.lnk
[2010/05/12 16:05:40 | 000,000,932 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Canon IJ Network Scan Utility ReadMe.lnk
[2010/05/12 16:05:40 | 000,001,855 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Canon IJ Network Scan Utility.lnk
[2010/05/12 16:05:40 | 000,001,848 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Uninstaller.lnk
[2010/05/12 16:05:39 | 000,000,876 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Canon IJ Network Tool ReadMe.lnk
[2010/05/12 16:05:39 | 000,001,783 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Canon IJ Network Tool.lnk
[2010/05/12 16:05:39 | 000,001,776 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Uninstaller.lnk
[2009/01/05 17:46:31 | 000,001,954 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series Manual\MP620 series On-screen Manual.lnk
[2009/01/05 17:46:31 | 000,000,846 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series Manual\Uninstall.lnk
[2010/11/26 16:22:05 | 000,001,708 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series User Registration\User Registration Uninstall.LNK
[2010/11/26 16:22:05 | 000,001,708 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series User Registration\User Registration.LNK
[2010/11/26 16:15:19 | 000,001,291 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series\MP Drivers Uninstaller.lnk
[2010/11/26 16:15:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon MP620 series\Readme.lnk
[2009/11/09 22:28:28 | 000,000,770 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord README.lnk
[2009/11/09 22:28:28 | 000,000,698 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord Uninstall.lnk
[2009/11/09 22:28:28 | 000,000,839 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord.lnk
[2007/07/27 18:18:10 | 000,000,625 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon ScanGear Toolbox 3.0\Read Me.lnk
[2007/07/27 18:18:10 | 000,000,868 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon ScanGear Toolbox 3.0\ScanGear Toolbox 3.0.lnk
[2007/07/27 18:18:10 | 000,000,860 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon ScanGear Toolbox 3.0\Uninstall ScanGear Toolbox 3.0.lnk
[2010/01/02 16:13:17 | 000,001,010 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindow\CameraWindow ReadMe.lnk
[2010/01/02 16:13:17 | 000,001,029 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindow\CameraWindow Uninstall.lnk
[2010/01/02 16:13:17 | 000,001,052 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindow\CameraWindow.lnk
[2010/01/02 16:12:56 | 000,000,926 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\MyCamera\MyCamera Readme.lnk
[2010/01/02 16:12:56 | 000,001,005 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\MyCamera\MyCamera Uninstall.lnk
[2010/01/02 16:12:56 | 000,000,938 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\MyCamera\MyCamera.lnk
[2010/01/02 16:13:50 | 000,000,975 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
[2010/01/02 16:13:50 | 000,001,019 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
[2010/01/02 16:13:28 | 000,000,982 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
[2010/01/02 16:13:29 | 000,001,021 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
[2010/01/02 16:13:31 | 000,001,029 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
[2010/01/02 16:14:13 | 000,000,942 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Readme.lnk
[2010/01/02 16:14:13 | 000,001,013 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Uninstall.lnk
[2010/05/12 16:07:21 | 000,001,747 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Readme.lnk
[2010/05/12 16:07:22 | 000,001,809 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Uninstall.lnk
[2010/05/12 16:07:21 | 000,001,763 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX.lnk
[2010/01/02 16:10:16 | 000,000,734 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
[2010/01/02 16:10:16 | 000,000,979 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
[2010/01/02 16:10:16 | 000,000,761 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
[2010/01/02 16:10:16 | 000,000,857 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\WFTPairing.lnk
[2010/01/02 16:14:04 | 000,000,942 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
[2010/01/02 16:14:04 | 000,001,099 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
[2010/05/12 16:06:18 | 000,001,765 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 2.0\MP Navigator EX 2.0.lnk
[2010/05/12 16:06:18 | 000,001,758 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 2.0\MP Navigator EX Readme.lnk
[2010/05/12 16:06:18 | 000,001,845 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 2.0\MP Navigator EX Uninstall.lnk
[2010/11/26 16:13:21 | 000,001,666 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Readme.lnk
[2010/11/26 16:13:21 | 000,001,728 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Uninstall.lnk
[2010/11/26 16:13:21 | 000,001,681 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer.lnk
[2010/01/02 16:14:33 | 000,000,975 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Original Data Security Tools\Original Data Security Administrator.lnk
[2010/01/02 16:14:33 | 000,001,013 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Original Data Security Tools\Original Data Security Tools Uninstall.lnk
[2010/01/02 16:14:33 | 000,000,945 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Original Data Security Tools\Original Data Security Utility.lnk
[2010/01/02 16:14:27 | 000,000,804 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch README.lnk
[2010/01/02 16:14:27 | 000,000,979 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2010/01/02 16:14:27 | 000,000,826 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2009/11/09 22:31:43 | 000,001,625 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
[2009/11/09 22:31:43 | 000,002,030 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Uninstall.lnk
[2010/05/12 16:07:33 | 000,001,693 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Readme.lnk
[2010/05/12 16:07:33 | 000,001,755 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Uninstall.lnk
[2010/05/12 16:07:33 | 000,001,709 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu.lnk
[2010/01/02 16:14:29 | 000,000,979 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\WFT Utility\WFT Utility Uninstall.lnk
[2010/01/02 16:14:29 | 000,000,771 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\WFT Utility\WFT-E1 Utility.lnk
[2010/01/02 16:14:29 | 000,000,771 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\WFT Utility\WFT-E2 Utility.lnk
[2010/01/02 16:14:29 | 000,000,771 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\WFT Utility\WFT-E3 Utility.lnk
[2010/01/02 16:14:29 | 000,000,771 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\WFT Utility\WFT-E4 Utility.lnk
[2010/01/02 16:12:47 | 000,000,993 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility Uninstall.lnk
[2010/01/02 16:12:47 | 000,000,880 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility.lnk
[2010/01/02 16:11:51 | 000,000,925 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX README.lnk
[2010/01/02 16:11:51 | 000,001,001 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX UnInstall.lnk
[2010/01/02 16:11:51 | 000,000,952 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2010/03/31 20:41:40 | 000,001,755 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Carbonite\Carbonite Online Backup Setup.lnk
[2007/09/15 11:21:46 | 000,000,751 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\SureThing CD Labeler Read Me.lnk
[2007/09/15 11:21:47 | 000,000,744 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\SureThing CD Labeler.lnk
[2007/09/15 11:21:46 | 000,000,530 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\CD Art\CD Art Readme.lnk
[2007/09/15 11:21:46 | 000,000,530 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\CD Art\CD Art.lnk
[2007/09/15 11:21:45 | 000,000,630 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Read Me.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 5\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 5\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 5\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,831 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 5\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 5\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 6\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 6\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 6\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,831 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 6\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 6\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 7\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 7\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 7\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,831 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 7\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 7\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 8\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 8\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 8\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,831 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 8\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Corel Draw\Corel Draw 8\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,709 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\EPS\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,692 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\EPS\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,709 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\EPS\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,716 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\EPS\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,709 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\EPS\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,515 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\A4 80mm Mini Label.lnk
[2007/09/15 11:21:46 | 000,000,545 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\A4 Business Card 61mm.lnk
[2007/09/15 11:21:46 | 000,000,545 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\A4 Business Card 63mm.lnk
[2007/09/15 11:21:46 | 000,000,461 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,445 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,515 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US 80mm Mini Label.lnk
[2007/09/15 11:21:46 | 000,000,545 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US Business Card 61mm.lnk
[2007/09/15 11:21:46 | 000,000,545 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US Business Card 63mm.lnk
[2007/09/15 11:21:46 | 000,000,461 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,465 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,461 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Illustrator 7\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Publisher 97\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Publisher 97\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Publisher 97\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Publisher 97\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Publisher 97\US Pro CD.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 6\A4 Jewel Case.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 6\A4 Pro CD.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 6\US Jewel Case.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 6\US Original CD.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 6\US Pro CD.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 7\US Jewel Case.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 7\US Original CD.lnk
[2007/09/15 11:21:45 | 000,000,824 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 7\US Pro CD.lnk
[2007/09/15 11:21:45 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 97\A4 Jewel Case.lnk
[2007/09/15 11:21:45 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 97\A4 Pro CD.lnk
[2007/09/15 11:21:45 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 97\US Jewel Case.lnk
[2007/09/15 11:21:45 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 97\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\MS Word\Word 97\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Photoshop\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,733 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Photoshop\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Photoshop\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Photoshop\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\Photoshop\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,718 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\TIFF\A4 Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,701 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\TIFF\A4 Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,718 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\TIFF\US Jewel Case.lnk
[2007/09/15 11:21:46 | 000,000,725 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\TIFF\US Original CD.lnk
[2007/09/15 11:21:46 | 000,000,718 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Layouts\TIFF\US Pro CD.lnk
[2007/09/15 11:21:46 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\CD Stomper - MicroVision\Manual\Manual.lnk
[2009/08/12 18:15:26 | 000,002,008 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Citrix\Citrix XenApp.lnk
[2009/04/20 22:38:20 | 000,001,581 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Coupons.com.lnk
[2009/04/20 22:38:20 | 000,001,735 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
[2006/07/31 19:22:53 | 000,002,132 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\- My HP Game Console -.lnk
[2006/07/31 19:22:53 | 000,001,298 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\- Visit HP Games website -.lnk
[2010/11/26 16:07:09 | 000,000,798 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Games\desktop.ini
[2005/08/30 23:58:06 | 000,001,522 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2005/08/30 23:58:06 | 000,001,520 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2010/11/26 16:07:09 | 000,000,924 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2010/11/26 16:07:09 | 000,000,924 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2010/11/26 16:07:09 | 000,000,924 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2010/11/26 16:07:09 | 000,000,924 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2010/11/26 16:07:09 | 000,000,924 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2005/08/30 23:58:06 | 000,001,515 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2005/08/30 23:58:06 | 000,000,885 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2005/08/30 23:58:06 | 000,001,491 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2005/08/30 23:58:06 | 000,001,502 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2008/04/14 20:50:55 | 000,000,813 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\GIMP\GIMP 2.lnk
[2008/04/14 20:50:55 | 000,000,455 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\GIMP\Readme.lnk
[2008/04/14 20:50:55 | 000,000,725 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\GIMP\Uninstall.lnk
[2007/08/27 10:52:06 | 000,001,762 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Stop HP Product Survey Program Participation.lnk
[2007/07/25 13:42:43 | 000,000,607 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Help.lnk
[2007/07/25 13:42:43 | 000,000,611 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\License.lnk
[2007/07/25 13:42:43 | 000,000,597 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Memories Disc.lnk
[2007/07/25 13:42:43 | 000,000,607 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Readme.lnk
[2007/07/25 13:42:50 | 000,001,024 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\About.lnk
[2007/07/25 13:42:09 | 000,000,743 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Photo & Imaging Director.lnk
[2007/07/25 13:42:09 | 000,000,739 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Photo & Imaging Software Help.lnk
[2007/08/27 11:09:49 | 000,001,093 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Photosmart 7700 Series Demo Page.lnk
[2007/07/25 13:42:09 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Product Registration.lnk
[2007/07/25 13:42:09 | 000,000,766 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Product Support Website.lnk
[2007/07/25 13:42:50 | 000,000,986 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Readme.lnk
[2007/07/25 13:42:50 | 000,001,150 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Photosmart 140,240,7200,7600,7700,7900 Series\Uninstall Software.lnk
[2006/07/31 19:35:02 | 000,001,558 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\Adobe Store.lnk
[2006/07/31 20:00:10 | 000,001,580 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\NetSmartz.lnk
[2003/02/27 19:23:50 | 000,001,454 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\Online Backup.lnk
[2006/07/31 19:34:51 | 000,001,606 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\Online File Sharing.lnk
[2006/07/31 19:56:29 | 000,001,590 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\Symantec Security Check.lnk
[2007/10/06 14:56:12 | 000,001,848 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\HP\HP Photosmart Essential
[2006/07/31 19:12:52 | 000,001,898 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Express.lnk
[2006/07/31 19:12:15 | 000,000,921 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Premier.lnk
[2006/07/31 19:12:52 | 000,001,838 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Transfer.lnk
[2006/07/31 19:11:56 | 000,001,895 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Tour.lnk
[2006/07/31 19:25:03 | 000,001,839 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Update.lnk
[2007/05/15 20:07:00 | 000,001,839 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Update.lnk
[2007/08/27 10:55:22 | 000,000,717 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet D4100 series\Help.lnk
[2007/08/27 10:55:22 | 000,000,843 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet D4100 series\Product Registration.lnk
[2007/08/27 10:55:22 | 000,001,072 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet D4100 series\Product Support Website.lnk
[2007/08/27 10:55:22 | 000,000,804 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet D4100 series\Readme.lnk
[2007/08/27 10:55:22 | 000,001,234 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet D4100 series\Uninstall.lnk
[2007/10/06 14:56:12 | 000,001,858 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Essential\HP Photosmart Essential.lnk
[2007/10/06 14:56:12 | 000,001,750 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Essential\Uninstall.lnk
[2011/03/24 16:33:44 | 000,001,825 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/03/24 16:33:44 | 000,001,565 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2007/01/03 16:30:41 | 000,000,852 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Manual.lnk
[2007/01/03 16:30:41 | 000,000,864 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk
[2007/01/03 16:30:41 | 000,000,852 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft Ad-Aware SE Personal\Uninstall Ad-Aware SE Personal.lnk
[2010/04/16 09:57:53 | 000,000,981 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\LeapFrog Connect Quick Start Guide.lnk
[2010/04/16 09:57:52 | 000,000,853 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\LeapFrog Connect.lnk
[2010/04/16 09:57:52 | 000,000,772 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk
[2006/07/31 19:18:36 | 000,001,822 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Express Labeler.lnk
[2006/07/31 19:24:37 | 000,001,801 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2006/07/31 19:24:37 | 000,000,053 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.url
[2006/07/31 19:24:37 | 000,000,072 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.url
[2011/05/19 18:55:50 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
[2011/05/19 18:55:50 | 000,000,807 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
[2011/05/19 18:55:50 | 000,000,831 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
[2009/07/25 12:17:24 | 000,001,889 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Digital Image Starter Edition 2006 Editor.lnk
[2009/07/25 12:18:43 | 000,001,755 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Digital Image Starter Edition 2006 Library.lnk
[2009/07/25 12:18:43 | 000,001,844 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Photo Story 3.1.lnk
[2011/04/21 03:03:22 | 000,002,549 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2003.lnk
[2010/03/27 12:42:05 | 000,002,583 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk
[2010/03/27 12:42:05 | 000,002,599 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk
[2010/03/27 12:42:05 | 000,002,551 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk
[2010/03/27 12:42:05 | 000,002,517 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk
[2011/05/04 17:51:57 | 000,002,509 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2003.lnk
[2010/03/27 12:42:05 | 000,002,553 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2010/03/27 12:42:05 | 000,002,533 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/03/27 12:42:05 | 000,002,433 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk
[2010/03/27 12:42:05 | 000,002,453 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk
[2010/03/27 12:42:06 | 000,002,551 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk
[2010/03/27 12:42:05 | 000,002,407 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2010/03/27 12:42:05 | 000,002,691 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2010/03/27 12:42:05 | 000,002,693 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2010/03/27 12:42:05 | 000,002,509 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2006/07/31 19:27:46 | 000,001,543 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2006/07/31 19:27:46 | 000,001,901 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2006/07/31 19:27:46 | 000,002,032 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2006/07/31 19:27:46 | 000,001,689 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2006/07/31 19:27:46 | 000,001,671 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2006/07/31 19:27:46 | 000,001,707 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2006/07/31 19:27:46 | 000,001,691 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2006/07/31 19:27:46 | 000,000,843 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
[2010/03/22 22:01:03 | 000,000,663 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\MOV to WMV\MOV to WMV.lnk
[2010/03/22 22:01:03 | 000,000,663 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\MOV to WMV\Uninstall MOV to WMV.lnk
[2006/07/31 19:29:55 | 000,001,647 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\muvee Technologies\muvee autoProducer 5.0\muvee autoProducer 5.0 - SE.lnk
[2006/07/31 19:29:55 | 000,000,703 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\muvee Technologies\muvee autoProducer 5.0\muvee autoProducer 5.0 Help.lnk
[2006/07/31 19:29:56 | 000,000,697 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\muvee Technologies\muvee autoProducer 5.0\Readme.lnk
[2006/07/31 19:29:57 | 000,000,823 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\muvee Technologies\muvee autoProducer 5.0\Watch the commercial.lnk
[2006/07/31 19:22:53 | 000,002,132 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\- My HP Game Console -.lnk
[2006/07/31 19:22:49 | 000,001,870 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Airstrike 2 Gulf Thunder.lnk
[2006/07/31 19:22:49 | 000,001,860 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Alien Shooter.lnk
[2006/07/31 19:22:49 | 000,001,812 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Bejeweled 2 Deluxe.lnk
[2006/07/31 19:22:49 | 000,001,804 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Bistro Stars.lnk
[2006/07/31 19:22:48 | 000,001,822 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Blackhawk Striker 2.lnk
[2006/07/31 19:22:47 | 000,001,814 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Blasterball 2 Remix.lnk
[2006/07/31 19:22:48 | 000,001,814 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Blasterball 2 Revolution.lnk
[2006/07/31 19:22:49 | 000,001,804 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Bookworm Deluxe.lnk
[2006/07/31 19:22:48 | 000,001,790 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Bounce Symphony.lnk
[2006/07/31 19:22:50 | 000,001,842 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Cake Mania.lnk
[2006/07/31 19:22:50 | 000,001,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Chuzzle Deluxe.lnk
[2006/07/31 19:22:50 | 000,001,792 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Diner Dash.lnk
[2006/07/31 19:22:50 | 000,001,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Family Feud.lnk
[2006/07/31 19:22:48 | 000,001,738 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\FATE.lnk
[2006/07/31 19:22:50 | 000,001,860 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Garden Dreams.lnk
[2006/07/31 19:22:50 | 000,001,868 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Insaniquarium Deluxe.lnk
[2006/07/31 19:22:51 | 000,001,834 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\JEOPARDY.lnk
[2006/07/31 19:22:51 | 000,001,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Jewel Quest.lnk
[2006/07/31 19:22:51 | 000,001,848 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\LEGO Builder Bots.lnk
[2006/07/31 19:22:51 | 000,001,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Mah Jong Quest.lnk
[2006/07/31 19:22:51 | 000,001,848 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Mystery Case Files.lnk
[2006/07/31 19:22:53 | 000,001,774 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Penguins!.lnk
[2006/07/31 19:22:47 | 000,001,774 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Polar Bowler.lnk
[2006/07/31 19:22:47 | 000,001,770 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Polar Golfer.lnk
[2006/07/31 19:22:52 | 000,001,880 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Ricochet Lost Worlds.lnk
[2006/07/31 19:22:52 | 000,001,776 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\SCRABBLE.lnk
[2006/07/31 19:22:52 | 000,001,788 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Slingo Deluxe.lnk
[2006/07/31 19:22:52 | 000,001,812 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Snowy Space Trip.lnk
[2006/07/31 19:22:47 | 000,001,778 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Super Granny.lnk
[2006/07/31 19:22:48 | 000,001,786 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Tradewinds.lnk
[2006/07/31 19:22:52 | 000,001,880 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\Wheel of Fortune.lnk
[2010/03/29 09:39:43 | 000,000,713 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\How to install plug-in.lnk
[2010/03/29 09:39:43 | 000,000,644 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Legal Information.lnk
[2010/03/29 09:39:43 | 000,000,724 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Neat Image.lnk
[2010/03/29 09:39:43 | 000,000,651 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Read Me.lnk
[2010/03/29 09:39:43 | 000,000,663 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Uninstall.lnk
[2010/03/29 09:39:43 | 000,000,668 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\User Guide.lnk
[2010/03/29 09:39:43 | 000,000,663 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\What's New.lnk
[2010/03/29 09:39:43 | 000,000,776 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Bug report form.lnk
[2010/03/29 09:39:43 | 000,000,806 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\How to use Neat Image.lnk
[2010/03/29 09:39:43 | 000,000,781 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Neat Image forum.lnk
[2010/03/29 09:39:43 | 000,000,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Neat Image web page.lnk
[2010/03/29 09:39:43 | 000,000,796 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\New! Neat Video filter plug-in.lnk
[2010/03/29 09:39:43 | 000,000,776 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Profile library.lnk
[2010/03/29 09:39:43 | 000,000,741 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Purchase a Neat Image license.lnk
[2010/03/29 09:39:43 | 000,000,791 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Neat Image\Web Links\Support via e-mail.lnk
[2006/07/31 19:17:05 | 000,001,770 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Netscape\Netscape Browser.lnk
[2006/07/31 19:17:05 | 000,001,770 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Netscape\Uninstall.lnk
[2006/07/31 19:45:23 | 000,001,922 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Easy Internet Sign-up.lnk
[2006/07/31 19:46:45 | 000,001,678 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Canada\AOL Canada.lnk
[2006/07/31 19:46:05 | 000,001,861 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Canada\FREE Vonage.lnk
[2006/07/31 19:46:51 | 000,001,710 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Canada\KOL.lnk
[2006/07/31 19:47:18 | 000,001,855 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Canada\Netscape Online Canada.lnk
[2006/07/31 19:46:15 | 000,001,959 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\Canada\Zip.ca - Online DVD Rentals.lnk
[2006/07/31 19:46:39 | 000,001,966 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\America Online.lnk
[2006/07/31 19:45:49 | 000,001,764 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\EarthLink.lnk
[2006/07/31 19:46:10 | 000,001,859 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\Get Vonage.lnk
[2006/07/31 19:45:55 | 000,001,875 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\MSN.lnk
[2006/07/31 19:47:29 | 000,001,814 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\Netscape Internet Service.lnk
[2006/07/31 19:47:39 | 000,001,687 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Online Services\United States\PeoplePC.lnk
[2011/01/25 14:26:31 | 000,001,850 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\MotionDV STUDIO 5.6E LE for DV\Manual(PDF format).lnk
[2011/01/25 14:23:20 | 000,001,908 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\MotionDV STUDIO 5.6E LE for DV\MotionDV STUDIO LE for DV.lnk
[2011/01/25 14:26:31 | 000,001,915 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\MotionDV STUDIO 5.6E LE for DV\Quick Start Guide.lnk
[2011/01/25 14:23:20 | 000,001,850 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\MotionDV STUDIO 5.6E LE for DV\Readme First.lnk
[2008/01/14 00:38:47 | 000,001,778 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\Quick Movie Magic 1.0E\Manual (PDF format).lnk
[2008/01/14 00:38:47 | 000,001,843 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\Quick Movie Magic 1.0E\Quick Movie Magic.lnk
[2008/01/14 00:38:47 | 000,001,778 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\Quick Movie Magic 1.0E\Readme First.lnk
[2010/04/08 20:37:57 | 000,001,692 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Pandora Recovery\Launch Pandora Recovery.lnk
[2010/04/08 20:37:57 | 000,000,577 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Pandora Recovery\Uninstall Pandora Recovery.lnk
[2006/07/31 19:40:40 | 000,001,845 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Advanced Troubleshooting Tools.lnk
[2006/07/31 19:28:33 | 000,001,584 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\HP Application Recovery.lnk
[2006/07/31 18:52:44 | 000,000,608 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\HP Pavilion support information.lnk
[2006/07/31 19:28:34 | 000,001,574 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\HP PC Recovery CD-DVD Creator.lnk
[2006/07/31 19:28:34 | 000,001,697 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\HP PC Recovery Tools CD.lnk
[2006/07/31 19:28:34 | 000,001,582 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\HP PC System Recovery.lnk
[2006/07/31 19:42:16 | 000,001,713 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\PC-Doctor 5 for Windows.lnk
[2006/02/16 11:32:10 | 000,001,647 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\PC-Doctor Offline DOS Diagnostic.lnk
[2010/03/22 23:39:14 | 000,000,603 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Register with HP.url
[2006/07/31 19:28:58 | 000,000,731 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Software Repair Wizard.lnk
[2006/07/31 19:28:35 | 000,001,616 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\System Restore.lnk
[2006/07/31 19:35:16 | 000,001,887 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Updates from HP.lnk
[2010/03/07 21:45:07 | 000,000,854 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk
[2010/03/07 21:45:07 | 000,000,782 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Picasa 3\Picasa 3.lnk
[2010/03/07 21:45:09 | 000,000,794 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Picasa 3\Uninstall.lnk
[2006/07/31 19:30:54 | 000,001,654 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\Billminder.lnk
[2006/07/31 19:30:54 | 000,001,618 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\Quicken 2006.lnk
[2006/07/31 19:30:54 | 000,000,646 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\What's New In Quicken 2006.lnk
[2011/03/24 16:30:20 | 000,001,802 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/03/24 16:30:20 | 000,001,812 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/03/24 16:30:20 | 000,001,802 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/03/24 16:30:20 | 000,001,650 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2008/10/11 14:53:40 | 000,000,920 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Real\RealPlayer
[2006/07/31 19:16:23 | 000,000,695 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
[2006/07/31 19:16:23 | 000,000,581 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
[2006/07/31 19:16:23 | 000,000,679 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk
[2006/07/31 19:16:23 | 000,000,843 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk
[2006/07/31 19:16:23 | 000,000,862 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Subscription.lnk
[2006/07/31 19:16:23 | 000,000,733 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer.lnk
[2006/07/31 19:16:23 | 000,000,951 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Uninstall RealPlayer.lnk
[2008/08/19 15:28:48 | 000,000,653 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
[2006/07/31 19:17:31 | 000,000,653 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Check Web For Update.lnk
[2006/07/31 19:17:31 | 000,000,653 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
[2008/08/19 15:28:50 | 000,000,735 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
[2006/07/31 19:17:31 | 000,000,735 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Uninstall.lnk
[2009/12/11 10:08:55 | 000,001,854 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Safari\Safari.lnk
[2007/11/26 00:39:58 | 000,001,759 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Seagate\FreeAgent Tools.lnk
[2007/11/26 00:39:58 | 000,000,757 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Seagate\SeagateTrayMenu.lnk
[2006/07/31 19:34:33 | 000,001,714 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Snapfish for your photos\Snapfish for your photos.lnk
[2006/07/31 19:18:29 | 000,001,901 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Sonic\DigitalMedia Home.lnk
[2006/07/31 19:18:36 | 000,001,822 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Sonic\Express Labeler.lnk
[2006/07/31 19:23:58 | 000,001,645 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Sonic\MyDVD Plus.lnk
[2007/08/26 16:47:43 | 000,000,901 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2010/03/22 19:32:03 | 000,002,447 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Startup\Citrix XenApp.lnk
[2005/08/31 00:02:10 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\1\Programs\Startup\desktop.ini
[2007/10/06 14:53:17 | 000,000,809 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2006/12/30 16:43:31 | 000,001,879 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Startup\Updates From HP.lnk
[2010/04/19 13:52:53 | 000,002,467 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Steam\Steam Support Center.lnk
[2010/05/01 10:04:05 | 000,000,687 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Steam\Steam.lnk
[2008/01/09 18:35:18 | 000,001,984 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\The Print Shop\The Print Shop Zoom\Readme.lnk
[2008/01/09 18:35:18 | 000,001,986 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\The Print Shop\The Print Shop Zoom\Register.lnk
[2006/07/31 19:42:50 | 000,001,426 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Getting Started Guide.lnk
[2006/07/31 19:42:23 | 000,001,438 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Media Center Software Guide.lnk
[2006/07/31 19:42:38 | 000,001,505 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Safety & Comfort Guide.lnk
[2006/07/31 19:42:44 | 000,001,462 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Upgrading and Servicing Guide.lnk
[2005/08/30 23:57:30 | 000,001,082 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Audio Converter.lnk
[2005/08/30 23:57:30 | 000,000,897 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows CD Label Maker.lnk
[2005/08/30 23:57:30 | 000,000,979 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Dancer.lnk
[2005/08/30 23:57:30 | 000,001,032 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Party Mode.lnk
[2011/04/14 15:11:52 | 000,001,942 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
[2011/04/14 15:13:50 | 000,001,958 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
[2007/01/17 10:38:15 | 000,000,972 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\Account Billing.lnk
[2007/01/17 10:38:15 | 000,000,979 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\Blizzard Technical Support.lnk
[2007/01/17 10:38:15 | 000,001,106 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\Burning Crusade - Manual.lnk
[2007/01/17 10:38:15 | 000,001,042 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\World of Warcraft - Manual.lnk
[2007/03/06 15:56:59 | 000,000,686 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\World of Warcraft - Repair.lnk
[2007/01/17 10:38:15 | 000,001,117 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\World of Warcraft - Uninstall.lnk
[2007/01/17 10:38:15 | 000,001,095 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\World of Warcraft Read Me.lnk
[2007/03/06 15:56:59 | 000,000,698 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\1\Programs\World of Warcraft\World of Warcraft.lnk
[2010/03/22 23:43:39 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\smtmp\2\desktop.ini
[2006/01/21 01:46:36 | 000,000,876 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\DISCover My Games™.lnk
[2011/05/19 17:15:41 | 000,002,470 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
[2010/03/22 23:43:39 | 000,000,790 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2010/03/22 23:38:12 | 000,001,489 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Media Center.lnk
[2011/05/11 16:40:37 | 000,000,753 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2006/07/31 19:22:53 | 000,002,138 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\My HP Games.lnk
[2010/03/29 09:39:43 | 000,000,730 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Neat Image.lnk
[2006/07/31 19:17:05 | 000,001,776 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Netscape Browser.lnk
[2006/07/31 19:16:29 | 000,000,926 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\RealPlayer.lnk
[2006/07/31 19:17:32 | 000,000,659 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Rhapsody.lnk
[2005/08/31 00:06:40 | 000,000,079 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2010/04/05 15:27:12 | 000,000,815 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2010/05/12 16:05:39 | 000,001,673 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Canon IJ Network Tool.lnk
[2010/11/26 16:22:05 | 000,001,696 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Canon MP620 series User Registration.LNK
[2010/05/12 16:07:33 | 000,001,691 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Canon Solution Menu.lnk
[2010/03/31 20:41:39 | 000,001,743 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Carbonite Online Backup Setup.lnk
[2010/04/22 09:29:42 | 000,001,844 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Easy Internet Sign-up.lnk
[2006/07/31 19:36:14 | 000,001,903 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Help and Support.lnk
[2007/10/06 14:53:17 | 000,000,909 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\HP Photosmart Premier.lnk
[2011/03/24 16:33:44 | 000,001,553 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2010/04/16 09:58:02 | 000,000,651 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\LeapFrog Connect.lnk
[2011/05/19 18:55:50 | 000,000,795 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/10/02 22:16:55 | 000,001,619 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Microsoft Picture It! Express 7.0.lnk
[2011/01/25 14:26:31 | 000,001,784 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\MotionDV STUDIO LE for DV.lnk
[2010/03/22 22:01:03 | 000,000,651 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\MOV to WMV.lnk
[2011/05/11 16:40:37 | 000,000,735 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2010/05/12 16:06:18 | 000,001,747 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\MP Navigator EX 2.0.lnk
[2006/07/31 19:45:55 | 000,001,857 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\MSN.lnk
[2010/11/26 16:13:21 | 000,001,663 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\My Printer.lnk
[2009/09/22 17:54:09 | 000,000,770 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Picasa 3.lnk
[2006/07/31 19:16:29 | 000,000,908 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\RealPlayer.lnk
[2006/07/31 19:17:32 | 000,000,641 | -H-- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\smtmp\4\Rhapsody.lnk

< End of report >

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 22 June 2011 - 08:26 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 23 June 2011 - 05:29 PM

Hi Gringo,

I've had some issues with running combofix, and before I continued, I wanted to verify that I was still proceeding correctly. The first time I ran combofix, it froze and eventually I had to manually turn off the computer and turn it back on. In order to proceed, I ran the Unhide tool from your first post, restarted and then tried again to run combofix. Because it did not appear on my desktop when I restarted, I attempted to download it again from the link provided in your second post. My computer then told me that a file by that name already existed, and was read-only protected. I then manually ran it from the start menu by selecting run: and then using the browse feature to navigate to the desktop and then manually typing in combofix.exe in the box. When I ran combofix this way, it seemed to successfully complete, and my computer restarted. However, when it booted back up, everything on my desktop was again hidden, and the Windows XP recovery window and all of the accompanying error messages returned. Should I run combofix again? If so, should I run the Unhide tool first so that I will be able to see any logs that I need to save?

Thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 23 June 2011 - 06:00 PM

Hello

I would like you to download these programs if you don't have them yet to the desktop and have them ready to use .

RKill - exeHelper - Malwarebytes' Anti-Malware
Unhide.exe


After you have them on your desktop restart your computer and as soon as you can start with RKill

:Rkill:

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine,
If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program


Next I want you to run the unhide.exe program just double click to run it.

: Malwarebytes' Anti-Malware :

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me have these logs and let me know how the computer is doing

Gringo

Edited by gringo_pr, 23 June 2011 - 06:01 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 23 June 2011 - 09:07 PM

Hi Gringo,

The last few steps seem to have made a big difference in the infection. When I first restarted after downloading Rkill, exeHelper, Unhide and MBAM my computer had reverted to showing nothing on the desktop but My Documents, My Computer, My Network Places and Recycle Bin. I ran Unhide first, and then ran Rkill until it finished. I ran exeHelper without any problems. I then ran Unhide again, just to follow the order you had originally requested. I then installed and updated MBAM and did a quick scan. When I restarted after running MBAM the computer appears to be almost back to normal. The only thing that concerns me is that Windows XP Recovery remains as a hyperlink on the desktop and also as a folder in my Program Files folder. Additionally, the iexplore.exe icon on my desktop appears to have been replaced by a strange appearing red and white biohazard symbal in a black crosshair.

In any event here are the logs from exeHelper and MBAM that you requested.

exeHelper:
exeHelper by Raktor
Build 20100414
Run at 20:53:27 on 06/23/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/23/2011 9:47:31 PM
mbam-log-2011-06-23 (21-47-31).txt

Scan type: Quick scan
Objects scanned: 197181
Time elapsed: 33 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEXFxpGUVShIHWB (Rogue.FakeHDD) -> Value: MEXFxpGUVShIHWB -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\mexfxpguvshihwb.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13623076.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 23 June 2011 - 09:25 PM

Hello

glad to hear we are making headway - now lets try combofix again - if it asks to update allow it and send me the report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 23 June 2011 - 10:02 PM

I've had a few unsuccessful attempts at trying to run Combofix.

First attempt - failed when it asked me to uninstall AVG Free 9.0 - My start menu/programs/AVG Free 9.0 folder contains an AVG uninstaller which I tried to run and found it failed to finish because it is already uninstalled
Second attempt - froze
Third attempt - Halfway through I got the following error message
Error opening the file for writing:
C:\\32788R22FWJFW\iexplore.exe
Click abort to stop the installation, retry to try again, or ignore to skip this file
Tried retry several times without success; eventually chose ignore; it then seemed to finished running, however the computer froze on a blue error screen.
After restarting the computer I ran Combofix for a fourth time, and ran into the same error message regarding AVG Free 9.0 as the first time. I really don't think AVG is even installed anymore, and it certainly doesn't seem to be running. Any thoughts?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 23 June 2011 - 10:16 PM

run their AVG removal tool - 32 bit


Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 23 June 2011 - 11:27 PM

Hi Gringo

I ran into the same problems in safe mode as I did in a normal Windows session. Even after I ran the AVG removal tool the first attempt at Combofix stopped halfway through and said that I would need to remove AVG before I could run Combofix. I re-ran the AVG removal tool and tried Combofix again and had the same issue with the warning about the iexplore.exe file. When I ignored this, it seemed to continue through most of the operation before abruptly restarting the computer. I routed the computer back into safe mode and logged back in as the default user. Combofix did not seem to try to finish the scan automatically so I started it up again, and with this attempt, it got most of the way through the operation again before locking up my computer in a blue error screen. I went through this cycle twice and had the same issues both times.

I do now have a catchme.txt on my desktop, is this from Combofix?

What should I do now?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 23 June 2011 - 11:33 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 23 June 2011 - 11:46 PM

I seem to have run into another problem with TDSSKiller. I can save it to my desktop without issue, but when I try to run the program nothing happens. An hourglass pops up for a split second and then disappears without anything opening. When I open up my task manager it doesn't appear to be running or failing to respond either.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 PM

Posted 23 June 2011 - 11:49 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 danmastaflex

danmastaflex
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 24 June 2011 - 12:06 AM

I ran the TDSS Fix Tool and it found an infected driver: VolSnap.sys; I chose the repair option and it said that the repair was successful. I then restarted and ran the TDSSKiller tool. The scan found no errors or infections. Here is the report:

2011/06/24 01:00:12.0984 3028 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/24 01:00:13.0625 3028 ================================================================================
2011/06/24 01:00:13.0625 3028 SystemInfo:
2011/06/24 01:00:13.0625 3028
2011/06/24 01:00:13.0625 3028 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/24 01:00:13.0625 3028 Product type: Workstation
2011/06/24 01:00:13.0625 3028 ComputerName: YOUR-4DACD0EA75
2011/06/24 01:00:13.0625 3028 UserName: HP_Administrator
2011/06/24 01:00:13.0625 3028 Windows directory: C:\WINDOWS
2011/06/24 01:00:13.0625 3028 System windows directory: C:\WINDOWS
2011/06/24 01:00:13.0625 3028 Processor architecture: Intel x86
2011/06/24 01:00:13.0625 3028 Number of processors: 2
2011/06/24 01:00:13.0625 3028 Page size: 0x1000
2011/06/24 01:00:13.0625 3028 Boot type: Normal boot
2011/06/24 01:00:13.0625 3028 ================================================================================
2011/06/24 01:00:19.0687 3028 Initialize success
2011/06/24 01:00:35.0968 3828 ================================================================================
2011/06/24 01:00:35.0968 3828 Scan started
2011/06/24 01:00:35.0968 3828 Mode: Manual;
2011/06/24 01:00:35.0968 3828 ================================================================================
2011/06/24 01:00:49.0296 3828 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/24 01:00:50.0390 3828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/24 01:00:52.0625 3828 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/24 01:00:53.0984 3828 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/24 01:00:59.0140 3828 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/24 01:01:00.0812 3828 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/06/24 01:01:01.0671 3828 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/06/24 01:01:02.0406 3828 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/06/24 01:01:03.0187 3828 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/06/24 01:01:04.0062 3828 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/24 01:01:04.0921 3828 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/06/24 01:01:07.0828 3828 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/24 01:01:08.0500 3828 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/24 01:01:09.0796 3828 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/24 01:01:10.0453 3828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/24 01:01:11.0218 3828 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/06/24 01:01:11.0937 3828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/24 01:01:13.0062 3828 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
2011/06/24 01:01:14.0187 3828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/24 01:01:14.0953 3828 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/24 01:01:16.0078 3828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/24 01:01:16.0468 3828 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/24 01:01:17.0109 3828 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/24 01:01:21.0015 3828 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/24 01:01:22.0171 3828 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/24 01:01:23.0265 3828 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/24 01:01:23.0968 3828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/24 01:01:24.0906 3828 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/24 01:01:26.0140 3828 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/24 01:01:26.0859 3828 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/24 01:01:27.0859 3828 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/24 01:01:28.0500 3828 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/24 01:01:29.0265 3828 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/24 01:01:30.0031 3828 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/24 01:01:30.0937 3828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/24 01:01:31.0765 3828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/24 01:01:32.0468 3828 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/06/24 01:01:33.0484 3828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/24 01:01:34.0265 3828 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/24 01:01:35.0062 3828 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/24 01:01:36.0593 3828 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/06/24 01:01:37.0578 3828 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
2011/06/24 01:01:38.0484 3828 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/24 01:01:40.0078 3828 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/24 01:01:40.0562 3828 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/06/24 01:01:41.0203 3828 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/24 01:01:42.0921 3828 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/24 01:01:43.0359 3828 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/24 01:01:44.0000 3828 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/24 01:01:44.0375 3828 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/24 01:01:44.0765 3828 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/24 01:01:45.0203 3828 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/24 01:01:45.0609 3828 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/24 01:01:46.0000 3828 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/24 01:01:46.0375 3828 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/24 01:01:46.0750 3828 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/24 01:01:47.0156 3828 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/24 01:01:47.0828 3828 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/24 01:01:48.0203 3828 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/24 01:01:48.0531 3828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/24 01:01:48.0937 3828 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/24 01:01:49.0265 3828 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/24 01:01:49.0671 3828 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/24 01:01:50.0343 3828 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/24 01:01:50.0843 3828 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/24 01:01:51.0250 3828 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/24 01:01:51.0578 3828 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/24 01:01:51.0937 3828 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/24 01:01:52.0281 3828 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/24 01:01:52.0593 3828 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/24 01:01:53.0000 3828 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/24 01:01:53.0265 3828 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/24 01:01:53.0578 3828 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/24 01:01:53.0906 3828 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/24 01:01:54.0343 3828 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/24 01:01:54.0687 3828 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/24 01:01:54.0906 3828 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/24 01:01:55.0156 3828 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/24 01:01:55.0453 3828 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/24 01:01:55.0734 3828 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/24 01:01:56.0046 3828 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/24 01:01:56.0343 3828 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/24 01:01:56.0609 3828 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/24 01:01:57.0062 3828 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/24 01:01:57.0562 3828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/24 01:02:00.0187 3828 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/24 01:02:02.0921 3828 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/24 01:02:03.0359 3828 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/24 01:02:03.0781 3828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/24 01:02:04.0171 3828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/24 01:02:04.0562 3828 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/24 01:02:04.0984 3828 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/24 01:02:05.0312 3828 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/24 01:02:05.0750 3828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/24 01:02:06.0140 3828 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/24 01:02:06.0843 3828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/24 01:02:07.0187 3828 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/24 01:02:09.0437 3828 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/24 01:02:09.0843 3828 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/24 01:02:10.0281 3828 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/24 01:02:10.0703 3828 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/24 01:02:11.0046 3828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/24 01:02:11.0421 3828 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/24 01:02:13.0265 3828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/24 01:02:13.0671 3828 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/24 01:02:14.0093 3828 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/24 01:02:14.0515 3828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/24 01:02:14.0937 3828 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/24 01:02:15.0390 3828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/24 01:02:15.0796 3828 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/24 01:02:16.0234 3828 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/24 01:02:16.0671 3828 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/24 01:02:17.0062 3828 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/24 01:02:17.0421 3828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/24 01:02:17.0781 3828 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/24 01:02:18.0140 3828 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/24 01:02:18.0656 3828 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/24 01:02:19.0218 3828 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/24 01:02:19.0562 3828 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/24 01:02:20.0046 3828 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/24 01:02:20.0515 3828 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/06/24 01:02:20.0921 3828 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/24 01:02:21.0312 3828 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/24 01:02:21.0703 3828 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/24 01:02:23.0140 3828 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/24 01:02:23.0656 3828 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/24 01:02:24.0093 3828 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/24 01:02:24.0343 3828 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/24 01:02:24.0687 3828 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/24 01:02:25.0265 3828 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/24 01:02:25.0843 3828 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/24 01:02:26.0250 3828 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/24 01:02:26.0656 3828 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/24 01:02:26.0984 3828 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/24 01:02:27.0375 3828 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/24 01:02:27.0781 3828 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/24 01:02:28.0187 3828 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/24 01:02:28.0578 3828 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/24 01:02:28.0984 3828 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/24 01:02:29.0328 3828 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/24 01:02:29.0703 3828 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/24 01:02:30.0156 3828 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/24 01:02:30.0609 3828 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/24 01:02:31.0000 3828 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/24 01:02:31.0328 3828 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/24 01:02:31.0687 3828 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/24 01:02:32.0328 3828 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/24 01:02:32.0859 3828 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/06/24 01:02:33.0312 3828 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/24 01:02:33.0796 3828 ZD1211BU(ZyDAS) (478b4415dfb3a45b6fe61ec781e07d7b) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2011/06/24 01:02:34.0234 3828 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/06/24 01:02:34.0296 3828 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
2011/06/24 01:02:34.0328 3828 ================================================================================
2011/06/24 01:02:34.0328 3828 Scan finished
2011/06/24 01:02:34.0328 3828 ================================================================================
2011/06/24 01:02:34.0343 3820 Detected object count: 0
2011/06/24 01:02:34.0343 3820 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users