Infected with SMART HDD and also appear to be infected with a rootkit (TDSS type of issue)


  • This topic is locked
24 replies to this topic

#1 bman2011

bman2011

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:57 AM

Posted 16 April 2012 - 05:53 PM

Hi, our computer has been infected since yesterday with the SMART HDD virus, which has been hiding all programs. I also believe our computer is infected with a TDSS type of rootkit virus, in reading through your website, as we've been having redirects happening in the search results of Google and BING for quite a number of weeks now.

We have a WINDOWS XP Service Pack 3 computer.

The SMART HDD virus had (at first) completely hidden all the programs from me and made them inaccessible (see below). I was able to "un-hide" the programs, which allowed me access to Internet Explorer, Outlook Express and a few other programs, but not access to the important virus programs such as Malwarebytes, and it wouldn't allow me to run the TDSSkiller program (even with renaming it). DDS froze up my system twice, so I've not tried it again.

What I've done so far:

From a work computer on a whole different network, I was able to read up on your site for good information on what is going on and the steps I needed to take. However, the system is not allowing me to take the necessary steps, so I'll definitely need your help in getting around these roadblocks. I have been running my computer in SAFE MODE, and doing that I was (at first) able to un-hide the programs that are non-accessible, by going to My Computer and following the steps your site says to do. That temporarily enabled me to un-hide the programs, but now the programs are hidden again. Before the programs went back into hiding, I was able to get on Internet Explorer and download and run DeFogger. I tried to run DDS twice, but it completely froze up the system both times, causing me to have to manually turn off the computer and turn it back on again.

So, at this point, I can't run the things you say to do in the beginning, to post their log information to you. Please advise what you want me to do, to give you the information you'll need to assist.

I very much appreciate your help. I've come to you folks in the past with other viruses and you've helped out tremendously.

Thank you,

bman2011



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:57 PM

Posted 16 April 2012 - 11:58 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bman2011

bman2011
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:57 AM

Posted 17 April 2012 - 02:08 AM

Hello Gringo, thank you for your help. These programs you had me run worked fine. I have a question: should I be doing this in Safe mode or Normal mode? I used Safe mode so far.

Here are my Security Check results:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 18
Java 2 Runtime Environment, SE v1.4.2_04
Java version out of date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


Here is my OTL log:


OTL logfile created on: 4/16/2012 11:43:39 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Brett\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 516.24 Mb Available Physical Memory | 50.46% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): C:\pagefile.sys 1533 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 11.47 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: D1JST321 | User Name: Brett | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brett\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\Downloaded Program Files\ymmapi.dll ()
MOD - C:\WINDOWS\SYSTEM32\TSD32.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (NeroRegInCDSrv) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Omniquad MyPrivacy) -- C:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe ()
SRV - (papycpu2) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu2.sys ()
SRV - (papyjoy) -- C:\WINDOWS\SYSTEM32\DRIVERS\papyjoy.sys ()
SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)
SRV - (papycpu) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu.sys ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (Video3D) -- System32\Drivers\Video3D.sys File not found
DRV - (STEAMDVR) -- C:\Program Files\Valve\Steam\bin\x86\SteamDvr.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (Pcouffin) -- System32\Drivers\Pcouffin.sys File not found
DRV - (PCIDump) -- File not found
DRV - (MCSTRM) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (iAimTV2) -- System32\DRIVERS\wATV03nt.sys File not found
DRV - (EnumChip) -- D:\Driver\Gart\EnumChip.sys File not found
DRV - (ElbyVCD) -- System32\DRIVERS\ElbyVCD.sys File not found
DRV - (dvwyantk) -- C:\WINDOWS\system32\drivers\dvwyantk.sys File not found
DRV - (cportclm) -- C:\DOCUME~1\Brett\LOCALS~1\Temp\cportclm.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Brett\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PLTurbo) -- C:\WINDOWS\SYSTEM32\DRIVERS\plturbo.sys (Prolific Technology Inc.)
DRV - (PLTurbh) -- C:\WINDOWS\SYSTEM32\DRIVERS\plturbh.sys (Prolific Technology Inc.)
DRV - (InCDfs) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDrec.sys (Nero AG)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys ()
DRV - (SQTECH905C) -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys (Service & Quality Technology.)
DRV - (EIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\SYSTEM32\DRIVERS\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp02.sys (Protection Technology)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (WmAdiHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmAdiHid.sys (Logitech Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (QCMerced) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvcm.sys (Logitech Inc.)
DRV - (papycpu2) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\SYSTEM32\DRIVERS\papyjoy.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (msgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\msgame.sys (Microsoft Corporation)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (papycpu) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxphoenix.com/
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes,DefaultScope = {3EBF1CD0-8060-4743-A6AD-F7AEA9913DAF}
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes\{3EBF1CD0-8060-4743-A6AD-F7AEA9913DAF}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.worldnetdaily.com"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Brett\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Brett\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/28 12:21:20 | 000,000,000 | ---D | M]

[2009/11/29 10:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions
[2008/03/16 13:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\vfhoecka.default\extensions
[2008/04/17 19:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/08/27 13:44:42 | 001,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2012/02/06 22:55:38 | 000,000,882 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 94.63.147.20 www.google.com
O1 - Hosts: 94.63.147.21 www.bing.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vccxJSogeeU.exe] C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe ()
O4 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006..\Run: [Update] rundll32.exe "C:\DOCUME~1\Brett\LOCALS~1\Temp\",DllRegisterServer File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O15 - HKU\.DEFAULT\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1303829183048 (MUCatalogWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128738097484 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.101.28.100/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.games.yahoo.com/games/clients/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Poker http://download.games.yahoo.com/games/clients/y/pt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F8132-20B2-414E-8B8F-A85F7D0A5DDD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 23:41:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/04/16 23:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/16 13:33:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brett\Recent
[2012/04/16 12:53:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/04/16 12:51:06 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\iexplore.com
[2012/04/16 09:48:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/15 23:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\Start Menu\Programs\SMART HDD
[2012/03/28 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/03/28 12:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/03/28 12:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCatcher
[2012/03/28 12:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DreamCatcher
[2012/03/26 10:24:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/25 12:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/25 12:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/03/19 11:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/03/19 11:47:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/03/19 11:47:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[959 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[28 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 23:41:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/04/16 23:31:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/16 23:12:58 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\SecurityCheck.exe
[2012/04/16 23:12:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/16 23:06:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/04/16 23:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/04/16 15:36:43 | 000,131,143 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\gmer.zip
[2012/04/16 13:32:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 12:53:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/04/16 12:51:19 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\iexplore.com
[2012/04/16 12:49:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brett\defogger_reenable
[2012/04/16 12:47:31 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\Defogger.exe
[2012/04/16 11:42:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/16 09:25:42 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\WiNlOgOn.exe
[2012/04/16 00:20:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 23:06:06 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT
[2012/04/15 23:05:29 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/15 23:05:29 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UTr
[2012/04/15 23:05:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UT
[2012/04/15 23:05:10 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT.exe
[2012/04/15 22:14:58 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe
[2012/04/12 11:53:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 10:32:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/11 18:16:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/04/05 13:21:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/29 16:14:37 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/28 20:51:32 | 000,000,310 | -HS- | M] () -- C:\BOOT.INI
[2012/03/28 09:53:34 | 000,461,740 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/03/28 09:53:34 | 000,076,474 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/03/25 12:57:22 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/03/25 10:23:29 | 000,650,988 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\TaxReturn 2011 - Turbo Tax.pdf
[2012/03/23 17:10:27 | 000,004,017 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\Healthcare_(FSA)_Transactions.csv
[959 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/16 23:12:58 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\SecurityCheck.exe
[2012/04/16 23:03:36 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/04/16 23:03:36 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
[2012/04/16 23:03:36 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Journal Viewer.lnk
[2012/04/16 23:03:36 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/16 23:03:36 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/04/16 23:03:36 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Dell Jukebox by musicmatch.lnk
[2012/04/16 23:03:36 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2012/04/16 23:03:36 | 000,001,435 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
[2012/04/16 23:03:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/16 23:03:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/16 23:03:36 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/16 23:03:36 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/16 23:03:36 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/04/16 23:03:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/16 23:03:35 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
[2012/04/16 23:03:35 | 000,001,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\USBFast.lnk
[2012/04/16 23:03:34 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/04/16 23:03:33 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2012/04/16 23:03:32 | 000,002,529 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/04/16 23:03:32 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/04/16 23:03:32 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/04/16 23:03:32 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2012/04/16 23:03:32 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/16 23:03:32 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/04/16 23:03:32 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/04/16 23:03:32 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/16 23:03:32 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Express 7.0.lnk
[2012/04/16 23:03:32 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Photo 2002.lnk
[2012/04/16 23:03:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/16 23:03:27 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2012/04/16 15:36:42 | 000,131,143 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\gmer.zip
[2012/04/16 13:34:09 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/16 12:49:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brett\defogger_reenable
[2012/04/16 12:47:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\Defogger.exe
[2012/04/16 09:25:39 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\WiNlOgOn.exe
[2012/04/15 23:05:29 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UTr
[2012/04/15 23:05:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UT
[2012/04/15 23:05:16 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT
[2012/04/15 23:05:10 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT.exe
[2012/04/15 22:54:54 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/15 22:17:05 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe
[2012/03/27 17:03:20 | 000,359,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2520005336-1761281869-3217430149-1006-0.dat
[2012/03/25 18:10:23 | 000,359,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/25 12:57:22 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/03/25 10:23:27 | 000,650,988 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\TaxReturn 2011 - Turbo Tax.pdf
[2012/03/23 17:10:27 | 000,004,017 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\Healthcare_(FSA)_Transactions.csv
[2012/03/08 14:28:36 | 000,088,056 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/03 12:01:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/03 12:01:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/03 12:01:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/03 12:01:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/03 12:01:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/12 00:22:28 | 000,013,576 | -HS- | C] () -- C:\Documents and Settings\Brett\Local Settings\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a
[2011/04/12 00:22:28 | 000,013,576 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a
[2010/11/21 14:38:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/17 17:11:27 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/18 01:43:55 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\default.pls
[2010/04/25 16:21:01 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2010/04/25 16:20:59 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2010/04/25 16:20:56 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2010/04/25 16:20:56 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >
[2009/05/02 01:03:47 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
[2005/10/07 19:21:49 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2005/02/08 16:16:19 | 000,001,992 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2005/02/08 16:16:19 | 000,002,002 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2009/05/02 01:03:47 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2002/09/03 08:00:00 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2002/12/14 00:43:34 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2004/05/08 12:20:18 | 000,000,736 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\WinZip.lnk
[2010/09/14 22:59:14 | 000,000,738 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Acrobat_com.lnk
[2012/01/13 08:07:13 | 000,002,347 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader X.lnk
[2011/09/28 22:56:46 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2004/06/03 23:27:46 | 000,000,155 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
[2005/02/08 16:16:19 | 000,002,529 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Access.lnk
[2012/04/11 10:23:35 | 000,002,477 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
[2005/05/01 11:38:27 | 000,002,455 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft FrontPage.lnk
[2005/02/08 16:16:20 | 000,002,046 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Outlook.lnk
[2005/02/01 12:22:29 | 000,001,614 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Express 7.0.lnk
[2002/09/09 15:44:42 | 000,001,535 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Photo 2002.lnk
[2005/02/08 16:16:20 | 000,002,002 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft PowerPoint.lnk
[2005/02/08 12:58:16 | 000,002,425 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Publisher.lnk
[2011/08/02 16:43:50 | 000,001,680 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
[2012/01/03 21:52:09 | 000,002,479 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
[2002/09/09 15:39:20 | 000,001,549 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works.lnk
[2012/03/29 16:14:37 | 000,001,854 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
[2002/11/26 07:31:59 | 000,001,687 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Solution Center.lnk
[2010/04/01 15:57:02 | 000,001,311 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\USBFast.lnk
[2004/02/03 22:16:33 | 000,001,994 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Journal Viewer.lnk
[2007/10/15 11:03:08 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2004/06/03 23:27:46 | 000,000,796 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2010/08/03 19:52:10 | 000,001,803 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Search.lnk
[2004/05/01 21:17:53 | 000,001,435 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Yahoo! Mail.lnk
[2006/03/13 21:52:40 | 000,000,504 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\Configure GT Legends.lnk
[2006/03/13 21:52:40 | 000,000,519 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\GT Legends Dedicated Server.lnk
[2006/03/13 21:52:40 | 000,000,490 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\GT Legends.lnk
[2006/03/13 21:52:40 | 000,000,583 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\Uninstall GT Legends.lnk
[2011/05/07 14:31:28 | 000,000,645 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
[2011/05/07 14:31:28 | 000,000,650 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
[2003/05/31 17:05:54 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2012/03/04 15:18:42 | 000,000,320 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
[2009/12/12 12:00:39 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/05/02 01:03:23 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2012/03/04 15:18:42 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2003/05/31 17:05:54 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2002/09/03 07:55:38 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
[2009/05/02 01:07:30 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
[2009/12/12 12:00:39 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2009/12/12 12:00:39 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2009/12/12 12:00:39 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2009/05/02 01:07:31 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2003/05/31 17:05:39 | 000,000,283 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
[2009/12/12 12:00:40 | 000,001,605 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
[2009/12/12 12:00:40 | 000,001,696 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
[2003/05/31 17:05:38 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
[2004/06/03 23:27:46 | 000,000,217 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
[2004/06/03 23:27:47 | 000,000,808 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Windows Movie Maker.lnk
[2002/11/26 07:34:49 | 000,000,803 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2002/11/26 07:34:49 | 000,000,896 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2005/04/23 16:14:21 | 000,000,784 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2003/05/31 17:05:55 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2004/09/04 12:19:21 | 000,000,703 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
[2009/12/12 12:00:41 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2003/05/07 22:03:07 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2009/12/12 12:00:41 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2009/12/12 12:00:41 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2002/09/03 07:57:36 | 000,000,974 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/12/12 12:00:41 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2012/03/19 11:47:46 | 000,002,011 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
[2012/03/19 11:47:54 | 000,002,081 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
[2002/09/03 07:56:16 | 000,001,486 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2003/08/20 22:42:07 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/12/12 12:00:42 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2002/09/03 08:00:00 | 000,000,476 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
[2003/08/20 22:46:28 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2005/06/05 19:25:49 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2004/06/22 22:56:28 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2006/10/23 20:44:56 | 000,001,547 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\AGEIA PhysX Processor Settings.lnk
[2006/10/23 20:44:56 | 000,000,732 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\AGEIA PhysX System Tray Icon.lnk
[2006/10/23 20:44:57 | 000,000,769 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\Uninstall AGEIA PhysX.lnk
[2006/07/02 13:27:38 | 000,001,693 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\ASUS\ASUS SmartDoctor\ASUS Smartdoctor.lnk
[2003/05/10 16:58:34 | 000,001,005 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Guide.lnk
[2003/05/10 16:58:34 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Readme.lnk
[2003/05/10 16:58:34 | 000,000,985 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Uninstall.lnk
[2003/05/04 14:21:52 | 000,000,505 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord ReadMe.lnk
[2003/05/04 14:21:52 | 000,000,725 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord unInstall.lnk
[2003/05/04 14:21:52 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord.lnk
[2007/04/15 19:09:33 | 000,000,957 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
[2007/04/15 19:09:33 | 000,001,006 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
[2007/04/15 19:09:33 | 000,001,009 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
[2007/04/15 19:09:46 | 000,000,964 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
[2007/04/15 19:09:46 | 000,001,008 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
[2007/04/15 19:09:39 | 000,000,971 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
[2007/04/15 19:09:39 | 000,001,010 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
[2007/04/15 19:09:39 | 000,001,013 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
[2007/04/15 19:09:42 | 000,001,018 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
[2003/05/10 17:09:42 | 000,000,623 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint ReadMe.lnk
[2003/05/10 17:09:42 | 000,000,773 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Uninstall.lnk
[2003/05/10 17:09:42 | 000,000,832 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint.lnk
[2007/04/15 19:10:06 | 000,000,723 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
[2007/04/15 19:10:06 | 000,000,968 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
[2007/04/15 19:10:06 | 000,000,750 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
[2003/05/04 14:20:34 | 000,001,587 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility Readme.lnk
[2003/05/04 14:20:34 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility Uninstall.lnk
[2003/05/04 14:20:34 | 000,001,675 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility.lnk
[2007/04/15 19:09:49 | 000,000,931 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
[2007/04/15 19:09:49 | 000,001,088 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
[2007/04/15 19:10:03 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
[2007/04/15 19:10:03 | 000,000,968 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2007/04/15 19:10:03 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2007/04/15 19:09:48 | 000,000,856 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
[2007/04/15 19:09:48 | 000,000,974 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Uninstall.lnk
[2003/05/04 14:20:50 | 000,001,567 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture Readme.lnk
[2003/05/04 14:20:50 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture Uninstall.lnk
[2003/05/04 14:20:50 | 000,001,668 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture.lnk
[2007/04/15 19:09:07 | 000,000,958 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
[2007/04/15 19:09:07 | 000,001,040 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
[2007/04/15 19:09:07 | 000,000,989 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2002/11/26 07:36:59 | 000,001,650 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\Classic PhoneTools.lnk
[2002/11/26 07:36:59 | 000,001,732 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\PhoneTools User Guide.lnk
[2002/11/26 07:36:59 | 000,001,634 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\ReadMe.lnk
[2002/11/26 07:36:59 | 000,001,643 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\Send and Receive a Fax.lnk
[2011/05/13 09:27:10 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
[2011/05/13 09:27:10 | 000,001,724 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
[2010/04/25 16:19:51 | 000,001,818 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative Database Utility.lnk
[2010/04/25 16:19:51 | 000,001,895 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative PlayCenter Help.lnk
[2010/04/25 16:19:51 | 000,001,818 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative PlayCenter.lnk
[2010/04/25 16:19:29 | 000,001,827 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics.lnk
[2010/04/25 16:18:52 | 000,001,838 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Mixer.lnk
[2010/04/25 16:19:13 | 000,001,775 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Recorder.lnk
[2010/04/25 16:20:36 | 000,001,780 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Restore Defaults.lnk
[2010/04/25 16:20:51 | 000,001,818 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative WaveStudio.lnk
[2002/11/26 07:38:08 | 000,001,719 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\User's Guide.lnk
[2002/11/26 07:38:19 | 000,001,696 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\PowerDVD.lnk
[2002/11/26 07:37:07 | 000,000,489 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Modem-On-Hold\Dell Modem-On-Hold.lnk
[2002/11/26 07:37:07 | 000,000,489 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Modem-On-Hold\Modem on Hold Help.lnk
[2005/05/22 18:08:43 | 000,001,851 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Dell Picture Studio Home.lnk
[2005/05/22 18:08:43 | 000,001,036 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Dell.Ofoto.com - Online Photo Service.lnk
[2011/12/15 14:12:14 | 000,001,898 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Paint Shop Photo Album 5 (2).lnk
[2005/05/22 17:53:19 | 000,001,898 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Paint Shop Photo Album 5.lnk
[2005/05/22 17:53:19 | 000,001,771 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Uninstall Paint Shop Photo Album 5.lnk
[2010/10/22 13:34:55 | 000,000,675 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Demolition Derby & Figure 8 Race.lnk
[2010/10/22 12:39:32 | 000,000,825 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Demolition Derby Demo Version.lnk
[2010/10/22 12:39:33 | 000,000,804 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Get the Full Version.lnk
[2010/10/22 13:34:56 | 000,000,579 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Launch GameSpy Arcade.lnk
[2010/10/22 12:39:32 | 000,000,824 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Online Manual.lnk
[2010/10/22 13:36:50 | 000,000,609 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Remove Demolition Derby & Figure 8 Race.lnk
[2002/11/26 07:36:43 | 000,000,493 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Digital Line Detect\Digital Line Detect.lnk
[2010/01/03 14:22:41 | 000,000,553 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Digital Photo Navigator\Digital Photo Navigator 1.5.lnk
[2011/10/24 22:45:20 | 000,000,867 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Check for Updates.lnk
[2011/10/24 22:45:43 | 000,000,869 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Codec Settings.lnk
[2011/10/24 22:45:39 | 000,000,829 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Converter.lnk
[2011/12/24 13:54:54 | 000,000,789 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Player.lnk
[2011/12/24 13:55:18 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Support.lnk
[2011/12/24 13:55:17 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Post DivX video to your website.lnk
[2011/10/24 22:45:20 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Register.lnk
[2011/12/24 13:55:18 | 000,001,040 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Why Buy DivX Pro.lnk
[2009/11/20 17:57:43 | 000,001,537 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Documentation.lnk
[2009/11/20 17:57:43 | 000,001,345 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Doom 3.lnk
[2009/11/20 17:57:43 | 000,001,979 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Uninstall Doom 3.lnk
[2008/11/19 21:11:43 | 000,001,044 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Desktop.ini
[2008/11/19 21:11:41 | 000,001,162 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose Console Server.lnk
[2008/11/19 21:11:41 | 000,001,162 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose Editor.lnk
[2008/11/19 21:11:41 | 000,001,154 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose GUI Server.lnk
[2008/11/19 21:11:40 | 000,001,132 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose.lnk
[2008/11/19 21:11:41 | 000,001,052 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\ReadMe.lnk
[2008/11/19 21:11:41 | 000,001,972 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web DreamCatcher.lnk
[2008/11/19 21:11:42 | 000,001,940 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web JoWood.lnk
[2008/11/19 21:11:41 | 000,001,992 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web Mindware.lnk
[2008/11/19 21:11:42 | 000,002,007 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web Painkiller Overdose.lnk
[2010/04/13 20:10:24 | 000,000,912 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Configure Hitman 2.lnk
[2010/04/13 20:10:24 | 000,000,917 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Play Hitman 2.lnk
[2010/04/13 20:10:24 | 000,000,869 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Uninstall Hitman 2.lnk
[2010/04/13 20:10:23 | 000,000,852 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\View Readme.lnk
[2010/04/13 20:10:23 | 000,000,182 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\Register Now.lnk
[2010/04/13 20:10:23 | 000,000,158 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.eidos.com.lnk
[2010/04/13 20:10:23 | 000,000,162 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.hitman2.com.lnk
[2010/04/13 20:10:23 | 000,000,152 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.ioi.dk.lnk
[2010/04/28 22:30:49 | 000,001,925 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\EA Download Manager.lnk
[2010/04/28 22:30:49 | 000,000,094 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\Help.url
[2010/04/28 22:30:49 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\Uninstall EA Download Manager.lnk
[2004/02/03 22:16:02 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\DESKTOP.INI
[2003/05/31 17:05:55 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2003/05/31 17:05:55 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2004/02/03 22:16:02 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2004/02/03 22:16:02 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2004/02/03 22:16:02 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2004/02/03 22:16:02 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2004/02/03 22:16:02 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2003/05/31 17:05:55 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2003/05/31 17:05:55 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2003/05/31 17:05:55 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2009/12/12 12:00:55 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2012/03/25 12:57:21 | 000,001,798 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Garmin\Garmin Lifetime Updater.lnk
[2009/06/16 19:51:00 | 000,001,776 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapInstall.lnk
[2009/06/16 19:51:00 | 000,001,773 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource Manual.lnk
[2009/06/16 19:51:00 | 000,001,809 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource.lnk
[2009/06/16 19:51:00 | 000,001,909 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
[2002/11/26 07:35:02 | 000,001,717 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Intel Network Adapters\Intel® PROSet II.lnk
[2011/12/25 21:30:36 | 000,001,790 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2011/12/25 21:30:36 | 000,001,851 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk
[2011/12/25 21:45:19 | 000,001,815 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Diagnostic Utility.lnk
[2011/12/25 21:16:26 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Simple Labeler.lnk
[2011/12/25 21:30:36 | 000,001,969 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk
[2011/12/25 21:30:36 | 000,001,882 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk
[2012/04/07 21:32:25 | 000,002,341 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech Gaming Software.lnk
[2004/05/01 20:47:17 | 000,001,658 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech QuickCam.lnk
[2004/05/01 20:47:17 | 000,001,627 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Logitech\My Logitech Pictures.lnk
[2012/02/28 08:13:12 | 000,000,796 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
[2012/02/28 08:13:12 | 000,000,796 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
[2012/02/28 08:13:12 | 000,000,820 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
[2012/02/28 08:13:12 | 000,000,947 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
[2002/09/09 15:44:42 | 000,001,940 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Clip Gallery\Microsoft Clip Gallery.lnk
[2002/12/11 23:25:03 | 000,001,821 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Age of Empires II Readme.lnk
[2002/12/11 23:25:03 | 000,001,837 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Age of Empires II.lnk
[2002/12/11 23:25:03 | 000,001,855 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Uninstall Age of Empires II.lnk
[2003/03/01 00:01:01 | 000,001,720 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Aircraft Editor.lnk
[2003/03/01 00:01:00 | 000,001,748 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Flight Instructor.lnk
[2003/03/01 00:01:01 | 000,001,798 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Flight Simulator 2002 Manual.lnk
[2003/03/01 00:01:01 | 000,001,720 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Flight Simulator 2002 Readme.lnk
[2003/03/01 00:01:00 | 000,001,720 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Flight Simulator 2002.lnk
[2003/03/01 00:01:01 | 000,001,775 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Flight Simulator 2002\Uninstall Flight Simulator 2002.lnk
[2003/01/18 18:50:26 | 000,001,986 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Small Business Tools\Microsoft Business Planner.lnk
[2003/01/18 18:50:27 | 000,001,189 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Small Business Tools\Microsoft Direct Mail Manager.lnk
[2003/01/18 18:50:27 | 000,001,067 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Small Business Tools\Microsoft Small Business Customer Manager.lnk
[2003/01/18 18:50:27 | 000,002,137 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Small Business Tools\Microsoft Small Business Financial Manager.lnk
[2003/01/18 18:56:28 | 000,002,287 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Activate Product.lnk
[2005/02/08 16:16:20 | 000,001,958 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Access Snapshot Viewer.lnk
[2002/09/09 15:42:06 | 000,001,988 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2002/09/09 15:42:06 | 000,001,876 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2002/09/09 15:42:06 | 000,002,138 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2002/09/09 15:42:06 | 000,002,090 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2005/02/08 16:16:19 | 000,001,902 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Language Settings.lnk
[2005/02/10 20:35:07 | 000,002,533 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Shortcut Bar.lnk
[2002/09/09 15:42:06 | 000,001,902 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2002/09/09 15:42:06 | 000,001,908 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2012/02/15 23:00:30 | 000,001,986 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2002/09/09 15:39:20 | 000,000,660 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Address Book.lnk
[2002/09/09 15:39:20 | 000,001,617 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started Manual.lnk
[2002/09/09 15:39:20 | 000,001,879 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2002/09/09 15:39:18 | 000,001,920 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2002/09/09 15:39:20 | 000,001,611 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2002/09/09 15:39:20 | 000,001,541 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2002/09/09 15:39:20 | 000,001,555 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2002/11/26 07:36:49 | 000,001,421 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Modem Helper\Modem Helper.lnk
[2002/11/26 07:47:59 | 000,001,763 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\MUSICMATCH\MUSICMATCH Jukebox.lnk
[2010/08/22 15:29:21 | 000,002,349 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero CoverDesigner Essentials.lnk
[2010/08/22 15:29:21 | 000,002,115 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Express Essentials.lnk
[2010/08/22 15:29:21 | 000,002,266 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Home Essentials SE.lnk
[2010/08/22 15:29:21 | 000,002,154 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero MediaHome Essentials.lnk
[2010/08/22 15:29:24 | 000,001,991 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Online Upgrade.lnk
[2010/08/22 15:29:21 | 000,002,276 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Recode Essentials.lnk
[2010/08/22 15:29:21 | 000,002,182 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero ShowTime Essentials.lnk
[2010/08/22 15:29:21 | 000,002,364 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero StartSmart Essentials.lnk
[2010/08/22 15:29:21 | 000,002,324 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Vision Essentials.lnk
[2010/08/22 15:29:23 | 000,001,675 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\InCD Essentials [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,805 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero BurnRights [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,857 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ControlCenter [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,896 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero CoverDesigner Essentials [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,796 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero DiscSpeed [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,805 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero DriveSpeed [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,828 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Express Essentials [English Manual].lnk
[2010/08/22 15:29:23 | 000,001,758 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Home Essentials SE [English Manual].lnk
[2010/08/22 15:29:22 | 000,001,787 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero InfoTool [English Manual].lnk
[2010/08/22 15:29:23 | 000,001,832 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero MediaHome Essentials [English Manual].lnk
[2010/08/22 15:29:23 | 000,001,784 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Recode Essentials [English Manual].lnk
[2010/08/22 15:29:24 | 000,001,816 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ShowTime Essentials [English Manual].lnk
[2010/08/22 15:29:24 | 000,001,848 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero StartSmart Essentials [English Manual].lnk
[2010/08/22 15:29:24 | 000,001,784 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Vision Essentials [English Manual].lnk
[2010/08/22 15:29:21 | 000,002,207 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero BurnRights.lnk
[2010/08/22 15:29:22 | 000,002,074 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero ControlCenter.lnk
[2010/08/22 15:29:22 | 000,002,070 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DiscSpeed.lnk
[2010/08/22 15:29:22 | 000,002,137 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DriveSpeed.lnk
[2010/08/22 15:29:24 | 000,002,295 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero InfoTool.lnk
[2010/08/22 15:29:22 | 000,002,151 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero Scout.lnk
[2009/02/15 12:00:48 | 000,001,647 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Check for Updates.lnk
[2009/02/15 12:00:48 | 000,001,631 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Configure 3D Graphics.lnk
[2009/02/15 12:00:48 | 000,001,631 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Launch Dedicated Server.lnk
[2009/02/15 12:00:48 | 000,001,631 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\NASCAR Racing 2003 Season.lnk
[2009/02/15 12:00:48 | 000,001,631 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Readme.lnk
[2009/02/15 12:00:47 | 000,000,086 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Register.URL
[2009/02/15 12:00:48 | 000,001,821 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Uninstall.lnk
[2009/02/15 12:00:47 | 000,000,070 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Visit Papyrus Racing Games.URL
[2009/02/15 12:00:47 | 000,000,063 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Papyrus\NASCAR Racing 2003 Season\Visit Sierra.com.URL
[2010/01/03 14:25:32 | 000,000,617 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\PIXELA\Everio MediaBrowser\Everio MediaBrowser.lnk
[2010/01/03 14:26:05 | 000,000,959 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\PIXELA\Everio MediaBrowser\MediaBrowser Instruction Guide.lnk
[2010/01/03 14:26:05 | 000,000,770 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\PIXELA\Everio MediaBrowser\ReadMe.lnk
[2012/03/08 13:35:12 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2012/03/08 13:35:12 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2012/03/08 13:35:12 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2012/03/08 13:35:12 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2007/03/05 22:24:21 | 000,000,226 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Play Railroad Tycoon 3 Online with GameSpy Arcade.url
[2007/03/05 22:24:21 | 000,000,555 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Play Railroad Tycoon 3.lnk
[2007/03/05 22:24:21 | 000,000,747 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Readme Notes.lnk
[2007/03/05 22:24:21 | 000,001,014 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Uninstall.lnk
[2007/03/05 22:24:22 | 000,000,863 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\Configuration Support.lnk
[2007/03/05 22:24:22 | 000,000,758 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\CPU Info (Identifies your CPU, Video Card, and Other Key Hardware).lnk
[2007/03/05 22:24:22 | 000,000,569 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\RT3, Normal Mode, Reset Defaults.lnk
[2007/03/05 22:24:22 | 000,000,569 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\RT3, Safe Mode, Full Screen With Sound.lnk
[2007/03/05 22:24:22 | 000,000,569 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\RT3, Safe Mode, Full Screen, No Sound.lnk
[2007/03/05 22:24:22 | 000,000,569 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\RT3, Safe Mode, Windowed With Sound.lnk
[2007/03/05 22:24:22 | 000,000,569 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Troubleshooting\RT3, Safe Mode, Windowed, No Sound.lnk
[2007/03/05 22:24:22 | 000,000,111 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Weblinks\Gathering Home Page.url
[2007/03/05 22:24:22 | 000,000,108 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Weblinks\PopTop Home Page.url
[2007/03/05 22:24:21 | 000,000,117 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Weblinks\Railroad Tycoon 3 Home Page.url
[2007/03/05 22:24:21 | 000,000,131 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Weblinks\Register Railroad Tycoon 3.url
[2007/03/05 22:24:22 | 000,000,116 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon 3\Weblinks\Other Partners\Musician's Home Page (Jupiter Studios).url
[2008/10/16 19:03:19 | 000,000,909 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer.lnk
[2003/08/23 07:46:37 | 000,000,518 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Recipes\Fundcraft Self-Typing Cookbook.lnk
[2003/08/23 07:46:37 | 000,001,366 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Recipes\Short_Cut Demo.lnk
[2003/08/23 07:46:37 | 000,001,408 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Recipes\Short_Cut Un-Install.lnk
[2008/11/18 23:09:00 | 000,001,883 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Rome - Total War\Barbarian Invasion.lnk
[2008/11/18 23:09:00 | 000,001,931 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Rome - Total War\Uninstall Barbarian Invasion.lnk
[2002/11/26 07:48:23 | 000,000,861 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Roxio Easy CD Creator 5\Project Selector.lnk
[2003/07/30 20:28:34 | 000,002,615 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Roxio Easy CD Creator 5\Applications\DirectCD Format Utility.lnk
[2006/07/09 16:40:52 | 000,002,629 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Roxio Easy CD Creator 5\Applications\Disc Copier.lnk
[2007/11/04 14:16:05 | 000,002,641 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Roxio Easy CD Creator 5\Applications\Easy CD Creator.lnk
[2005/03/25 12:47:39 | 000,000,661 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SereneScreen\Marine Aquarium 2\Marine Aquarium 2.lnk
[2005/03/25 12:47:39 | 000,000,844 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SereneScreen\Marine Aquarium 2\Prolific Publishing on the Web.lnk
[2005/03/25 12:47:39 | 000,000,792 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SereneScreen\Marine Aquarium 2\Read Me.lnk
[2005/03/25 12:47:39 | 000,000,859 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SereneScreen\Marine Aquarium 2\SereneScreen Marine Aquarium on the Web.lnk
[2005/03/25 12:47:39 | 000,000,703 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SereneScreen\Marine Aquarium 2\Uninstall SereneScreen Marine Aquarium 2.lnk
[2005/05/14 00:30:03 | 000,000,469 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\10tacle Studios AG.lnk
[2005/05/14 00:30:03 | 000,000,463 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR Support Forum.lnk
[2005/05/14 00:30:03 | 000,000,423 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\RSC - Unofficial GTR Community Forum.lnk
[2005/05/14 00:30:03 | 000,000,493 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\Visit SimBin Website.lnk
[2005/05/14 00:30:02 | 000,000,459 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\WWW.GTR-GAME.COM.lnk
[2005/05/14 00:30:03 | 000,000,499 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\GTR Configuration.lnk
[2005/05/14 00:30:03 | 000,000,490 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\GTR Dedicated Server.lnk
[2005/05/14 00:30:03 | 000,000,593 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\GTR Manual.lnk
[2005/05/14 00:30:03 | 000,000,583 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\GTR Uninstall.lnk
[2005/05/14 00:30:03 | 000,000,476 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\GTR.lnk
[2005/05/14 00:30:03 | 000,000,730 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\Motec Interpreter Manual.lnk
[2005/05/14 00:30:03 | 000,000,706 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SimBin\GTR\Motec Interpreter.lnk
[2012/03/04 15:24:14 | 000,001,878 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2002/09/03 08:00:00 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Startup\DESKTOP.INI
[2011/04/19 14:39:13 | 000,001,634 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\BootSafe.lnk
[2011/04/19 14:39:13 | 000,001,618 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
[2011/04/19 14:39:13 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk
[2011/04/19 14:39:13 | 000,000,792 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
[2011/04/19 14:39:13 | 000,001,712 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
[2008/11/18 20:21:14 | 000,001,611 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Total War\Rome - Total War\Play Rome - Total War Online with GameSpy Arcade.lnk
[2008/11/18 20:21:14 | 000,001,866 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Total War\Rome - Total War\Rome - Total War.lnk
[2008/11/18 20:21:14 | 000,001,853 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Total War\Rome - Total War\Uninstall Rome - Total War.lnk
[2007/11/02 20:50:21 | 000,000,817 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\IL-2 Sturmovik 1946\Aircraft guide.lnk
[2007/11/02 20:50:21 | 000,000,751 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\IL-2 Sturmovik 1946\IL-2 Sturmovik 1946 Site.lnk
[2007/11/02 20:50:21 | 000,000,693 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\IL-2 Sturmovik 1946\Remove IL-2 Sturmovik 1946.lnk
[2007/11/02 20:50:21 | 000,000,867 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\IL-2 Sturmovik 1946\Setup.lnk
[2007/11/02 20:50:21 | 000,000,756 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\IL-2 Sturmovik 1946\Ubisoft Site.lnk
[2007/03/29 21:00:04 | 000,001,725 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\URGE\URGE.lnk
[2005/09/11 09:43:11 | 000,000,182 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Celeris Website.lnk
[2005/09/11 09:43:11 | 000,000,204 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Global Star Website.lnk
[2005/09/11 09:43:11 | 000,000,625 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Uninstall Virtual Pool 3.lnk
[2005/09/11 09:43:11 | 000,000,903 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Virtual Pool 3 Manual.lnk
[2005/09/11 09:43:11 | 000,001,761 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Virtual Pool 3 Readme.lnk
[2005/09/11 09:43:11 | 000,000,222 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Virtual Pool 3 Support.lnk
[2005/09/11 09:43:11 | 000,001,667 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\Virtual Pool 3.lnk
[2005/09/11 09:43:11 | 000,000,176 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Virtual Pool 3\VP3 Fan Website.lnk
[2006/07/02 11:14:56 | 000,000,787 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinASO\Registry Optimizer 2.7\Help.lnk
[2006/07/02 11:14:56 | 000,000,603 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinASO\Registry Optimizer 2.7\Home Page.lnk
[2006/07/02 11:14:56 | 000,000,799 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinASO\Registry Optimizer 2.7\Uninstall WinASO Registry Optimizer.lnk
[2006/07/02 11:14:56 | 000,000,787 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinASO\Registry Optimizer 2.7\WinASO Registry Optimizer.lnk
[2004/05/08 12:20:18 | 000,000,642 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinZip\Help Manual.lnk
[2004/05/08 12:20:18 | 000,000,640 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinZip\ReadMe.txt.lnk
[2004/05/08 12:20:18 | 000,001,538 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinZip\Uninstall WinZip.lnk
[2004/05/08 12:20:18 | 000,000,652 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinZip\What's New.lnk
[2004/05/08 12:20:18 | 000,000,654 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\WinZip\WinZip 9.0 .lnk
[2006/07/09 17:30:37 | 000,000,824 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Yahoo! Messenger\Yahoo! Messenger with Voice.lnk
[2012/03/29 16:14:37 | 000,001,854 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
[2002/11/26 07:47:59 | 000,001,769 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Dell Jukebox by musicmatch.lnk
[2005/05/02 23:13:07 | 000,000,177 | -HS- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\DESKTOP.INI
[2009/04/29 22:59:38 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2012/02/28 08:13:12 | 000,000,802 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
[2010/08/22 15:29:15 | 000,002,272 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Nero Home Essentials SE.lnk
[2010/08/22 15:29:15 | 000,002,370 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Nero StartSmart Essentials.lnk
[2002/12/07 23:16:03 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2012/04/15 23:05:29 | 000,000,847 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\SMART_HDD.lnk
[2010/08/13 21:41:00 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2004/05/01 21:17:53 | 000,001,447 | ---- | M] () -- C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Yahoo! Mail.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:4ZxXHMHMAu35eyttdeIDjPr
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:fZL3ZY5tei5Cslmhc4cJ97I
@Alternate Data Stream - 1047 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AlboVOLB94IuURkiKWTNuj

< End of report >

#4 gringo_pr

  • Malware Response Team

Posted 17 April 2012 - 02:43 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:4ZxXHMHMAu35eyttdeIDjPr
    @Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:fZL3ZY5tei5Cslmhc4cJ97I
    @Alternate Data Stream - 1047 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AlboVOLB94IuURkiKWTNuj
    [2011/04/12 00:22:28 | 000,013,576 | -HS- | C] () -- C:\Documents and Settings\Brett\Local Settings\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a
    [2011/04/12 00:22:28 | 000,013,576 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a
    O4 - HKLM..\Run: [vccxJSogeeU.exe] C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe ()
    [2012/04/15 23:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\Start Menu\Programs\SMART HDD
    [2012/04/15 23:06:06 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT
    [2012/04/15 23:05:29 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/04/15 23:05:29 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UTr
    [2012/04/15 23:05:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UT
    [2012/04/15 23:05:10 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT.exe
    [2012/04/15 22:14:58 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe
    
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 bman2011

  • Topic Starter

Posted 17 April 2012 - 03:53 PM

Hello Gringo, Did what you said and here is the OTL report:

========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:4ZxXHMHMAu35eyttdeIDjPr deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:fZL3ZY5tei5Cslmhc4cJ97I deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:AlboVOLB94IuURkiKWTNuj deleted successfully.
C:\Documents and Settings\Brett\Local Settings\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a moved successfully.
C:\Documents and Settings\All Users\Application Data\8x15hmd32g0mif1ctjk00p8vye702et460f6i37y8a moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vccxJSogeeU.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe moved successfully.
C:\Documents and Settings\Brett\Start Menu\Programs\SMART HDD folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT moved successfully.
C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UTr moved successfully.
C:\Documents and Settings\All Users\Application Data\-PFgwwqLKRbm0UT moved successfully.
C:\Documents and Settings\All Users\Application Data\PFgwwqLKRbm0UT.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\vccxJSogeeU.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\WinZip.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Acrobat_com.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Access.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft FrontPage.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Outlook.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Express 7.0.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Photo 2002.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft PowerPoint.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Publisher.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Solution Center.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\USBFast.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Journal Viewer.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Windows Search.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Yahoo! Mail.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\Configure GT Legends.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\GT Legends Dedicated Server.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\GT Legends.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\10tacle Studios\GTL\Uninstall GT Legends.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Windows Movie Maker.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\AGEIA PhysX Processor Settings.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\AGEIA PhysX System Tray Icon.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\AGEIA\Uninstall AGEIA PhysX.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\ASUS\ASUS SmartDoctor\ASUS Smartdoctor.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Guide.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon i850\Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord ReadMe.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord unInstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint ReadMe.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.2\FileViewerUtility.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.7\RemoteCapture.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\Classic PhoneTools.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\PhoneTools User Guide.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\ReadMe.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Classic PhoneTools\Send and Receive a Fax.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative Database Utility.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative PlayCenter Help.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative PlayCenter\Creative PlayCenter.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Mixer.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Recorder.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Restore Defaults.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative WaveStudio.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\User's Guide.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\PowerDVD.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Modem-On-Hold\Dell Modem-On-Hold.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Modem-On-Hold\Modem on Hold Help.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Dell Picture Studio Home.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Dell.Ofoto.com - Online Photo Service.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Paint Shop Photo Album 5 (2).lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Paint Shop Photo Album 5.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio 3\Paint Shop Photo Album 5\Uninstall Paint Shop Photo Album 5.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Demolition Derby & Figure 8 Race.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Demolition Derby Demo Version.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Get the Full Version.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Launch GameSpy Arcade.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Online Manual.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Demolition Derby & Figure 8 Race\Remove Demolition Derby & Figure 8 Race.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Digital Line Detect\Digital Line Detect.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Digital Photo Navigator\Digital Photo Navigator 1.5.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Check for Updates.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Codec Settings.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Converter.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Player.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\DivX Support.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Post DivXr video to your website.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Register.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DivX Plus\Why Buy DivX Pro.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Documentation.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Doom 3.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Doom 3\Uninstall Doom 3.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Desktop.ini
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose Console Server.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose Editor.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose GUI Server.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Painkiller Overdose.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\ReadMe.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web DreamCatcher.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web JoWood.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web Mindware.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\DreamCatcher\Painkiller Overdose\Web Painkiller Overdose.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Configure Hitman 2.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Play Hitman 2.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Uninstall Hitman 2.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\View Readme.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\Register Now.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.eidos.com.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.hitman2.com.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Eidos Interactive\Hitman 2\Web Links\www.ioi.dk.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\EA Download Manager.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\Help.url
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\1\Programs\Electronic Arts\EA Download Manager\Uninstall EA Download Manager.lnk
366 File(s) copied
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Dell Jukebox by musicmatch.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\DESKTOP.INI
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Nero Home Essentials SE.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Nero StartSmart Essentials.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\SMART_HDD.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
C:\DOCUME~1\Brett\LOCALS~1\Temp\smtmp\2\Yahoo! Mail.lnk
11 File(s) copied
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Brett
->Java cache emptied: 115962101 bytes

User: Default User

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 111.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 3794 bytes

User: All Users

User: Brett
->Flash cache emptied: 99015 bytes

User: Default User
->Flash cache emptied: 56504 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04172012_134928

#6 gringo_pr

  • Malware Response Team

Posted 17 April 2012 - 06:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 bman2011

Posted 18 April 2012 - 09:29 PM

Hello, I tried to run Combofix four times now (three times with Windows in SAFE mode and then once in Normal mode) and every time it would stall and freeze up my computer.

So, unable to provide a log from ComboFix.

Please help.

Thanks,

bman2011

#8 gringo_pr

Posted 18 April 2012 - 09:48 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 bman2011

Posted 19 April 2012 - 01:48 AM

Hello Gringo, it worked. Here are the results:


ComboFix 12-04-17.01 - Brett 04/18/2012 22:08:39.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.568 [GMT -7:00]
Running from: c:\documents and settings\Brett\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Brett\Application Data\alta\alta\dpvdx.dll
c:\program files\TotalRecipeSearch_14EI
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\SET483.tmp
c:\windows\SET563.tmp
c:\windows\SET66B.tmp
c:\windows\SET768.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-17 20:49 . 2012-04-17 20:49 -------- d-----w- C:\_OTL
2012-04-16 16:48 . 2012-04-16 18:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-15 18:14 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69906505-B98F-4C49-9805-C24A30F9DCE8}\mpengine.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-28 19:22 . 2012-03-28 19:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-28 19:21 . 2012-03-28 19:21 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-03-28 19:20 . 2012-03-28 19:20 -------- d-----w- c:\program files\DreamCatcher
2012-03-27 06:10 . 2012-03-27 06:10 3993600 ----a-w- c:\program files\GUT1B.tmp
2012-03-25 19:45 . 2012-03-25 19:45 -------- d-----w- c:\program files\Microsoft.NET
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\program files\Garmin GPS Plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2010-03-08 23:46 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-04 04:57 . 2011-05-18 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-05-02 03:19 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2002-08-29 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2009-05-02 03:19 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-03-08 20:34 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 18:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2006-04-18 22:37 1073152 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 23:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-03-07 03:34 4008112 ----a-w- c:\documents and settings\Brett\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 23:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SecurDisc"=c:\program files\Nero\Nero8\InCD\NBHGui.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Microsoft Games\\FS2002\\fs2002.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\GTL\\GTL.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Activision Value\\World Series of Poker TOC\\WSOPTOC.exe"=
"c:\\Program Files\\Railroad Tycoon 3\\RT3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"c:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"c:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Auxiliary Power\\Demo\\DerbyDemo.exe"=
"c:\\Program Files\\Auxiliary Power\\DemoDerby\\DemoDerby.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ubmad2005\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Brett\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 papycpu;papycpu;c:\windows\SYSTEM32\DRIVERS\papycpu.sys [2/8/2003 10:41 PM 1984]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\SYSTEM32\DRIVERS\plturbo.sys [4/1/2010 3:57 PM 16640]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 dvwyantk;dvwyantk;\??\c:\windows\system32\drivers\dvwyantk.sys --> c:\windows\system32\drivers\dvwyantk.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 1:55 PM 136176]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 1:30 PM 158856]
S3 EnumChip;EnumChip;\??\d:\driver\Gart\EnumChip.sys --> d:\driver\Gart\EnumChip.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 1:55 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [4/16/2012 9:48 AM 40776]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\SYSTEM32\DRIVERS\plturbh.sys [4/1/2010 3:57 PM 16384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 4:00 AM 14336]
S3 WmAdiHid;Logitech WingMan Digital Devices Driver;c:\windows\SYSTEM32\DRIVERS\WmAdiHid.sys [6/20/2002 6:45 PM 20608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 22:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 20:54]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 20:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myfoxphoenix.com/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-Update - c:\documents and settings\Brett\Application Data\alta\alta\dpvdx.dll
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 22:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?`?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?`???????~?B~??????????@???????????????????B??????????????????????????`??????r?B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:f3,a4,81,32,ae,1c,3d,58,5b,11,c6,fe,c4,d5,00,82,63,6e,13,d6,d7,3b,fa,
99,e3,25,9d,e7,9c,39,70,f2,a5,b5,9f,00,6e,6d,53,d2,e3,fe,6d,3a,cb,ab,9b,41,\
"??"=hex:6f,1e,89,8f,9c,4b,2c,6e,e9,e2,28,76,1c,a5,08,97
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ITIG726.acm
c:\windows\system32\ctmp3.acm
.
Completion time: 2012-04-18 23:09:52
ComboFix-quarantined-files.txt 2012-04-19 06:09
ComboFix2.txt 2011-05-03 19:30
.
Pre-Run: 12,288,696,320 bytes free
Post-Run: 12,862,304,256 bytes free
.
- - End Of File - - 42C3756DE711FAA08C77F891AC383550

#10 gringo_pr


Posted 19 April 2012 - 08:29 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 bman2011


Posted 19 April 2012 - 01:18 PM

Hello Gringo, I ran TDSSKiller and aswMBR, here is what I found as far as text files:

2011/04/19 20:59:41.0468 1944 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/19 20:59:41.0671 1944 ================================================================================
2011/04/19 20:59:41.0671 1944 SystemInfo:
2011/04/19 20:59:41.0671 1944
2011/04/19 20:59:41.0671 1944 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/19 20:59:41.0671 1944 Product type: Workstation
2011/04/19 20:59:41.0671 1944 ComputerName: D1JST321
2011/04/19 20:59:41.0671 1944 UserName: Administrator
2011/04/19 20:59:41.0671 1944 Windows directory: C:\WINDOWS
2011/04/19 20:59:41.0671 1944 System windows directory: C:\WINDOWS
2011/04/19 20:59:41.0671 1944 Processor architecture: Intel x86
2011/04/19 20:59:41.0671 1944 Number of processors: 1
2011/04/19 20:59:41.0671 1944 Page size: 0x1000
2011/04/19 20:59:41.0671 1944 Boot type: Safe boot with network
2011/04/19 20:59:41.0671 1944 ================================================================================
2011/04/19 20:59:41.0937 1944 Initialize success
2011/04/19 21:01:20.0515 1080 ================================================================================
2011/04/19 21:01:20.0515 1080 Scan started
2011/04/19 21:01:20.0515 1080 Mode: Manual;
2011/04/19 21:01:20.0515 1080 ================================================================================
2011/04/19 21:01:56.0781 1080 WmHidLo (84e2258c942c940198e60be605c85601) C:\WINDOWS\system32\drivers\WmHidLo.sys
2011/04/19 21:01:56.0890 1080 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/04/19 21:01:56.0984 1080 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/04/19 21:01:57.0093 1080 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/19 21:01:57.0203 1080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/19 21:01:57.0281 1080 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/19 21:01:57.0484 1080 ================================================================================
2011/04/19 21:01:57.0484 1080 Scan finished
2011/04/19 21:01:57.0500 1080 ================================================================================
2011/04/19 21:05:04.0703 1940 Deinitialize success



Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 09:28:47
-----------------------------
09:28:47.765 OS Version: Windows 5.1.2600 Service Pack 3
09:28:47.765 Number of processors: 1 586 0x207
09:28:47.765 ComputerName: D1JST321 UserName: Brett
09:28:48.921 Initialize success
09:30:10.093 AVAST engine defs: 12041900
09:30:37.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:30:37.296 Disk 0 Vendor: WDC_WD1200JB-75CRA0 16.06V16 Size: 114440MB BusType: 3
09:30:37.359 Disk 0 MBR read successfully
09:30:37.390 Disk 0 MBR scan
09:30:37.453 Disk 0 Windows XP default MBR code
09:30:37.484 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
09:30:37.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114408 MB offset 64260
09:30:37.578 Disk 0 scanning sectors +234372285
09:30:37.718 Disk 0 scanning C:\WINDOWS\system32\drivers
09:30:56.921 Service scanning
09:31:04.921 Service EnumChip D:\Driver\Gart\EnumChip.sys **LOCKED** 21
09:31:26.093 Modules scanning
09:31:44.359 Disk 0 trace - called modules:
09:31:44.734 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
09:31:45.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd1ab8]
09:31:45.484 3 CLASSPNP.SYS[f7571fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f95b00]
09:31:46.296 AVAST engine scan C:\WINDOWS
09:32:26.625 AVAST engine scan C:\WINDOWS\system32
09:37:28.843 AVAST engine scan C:\WINDOWS\system32\drivers
09:38:00.156 AVAST engine scan C:\Documents and Settings\Brett
10:01:43.062 AVAST engine scan C:\Documents and Settings\All Users
10:05:45.218 Scan finished successfully
10:52:07.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brett\Desktop\MBR.dat"
10:52:07.328 The log file has been saved successfully to "C:\Documents and Settings\Brett\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 19 April 2012 - 02:20 PM

Hello

How Are Things Running?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 bman2011

Posted 19 April 2012 - 04:41 PM

Hello Gringo, so far things seem to be improved, although I have not gone onto the internet and surfed around as I don't have the firewall turned on and I don't have anti-virus software turned on yet. Do you need me to keep those items off or should I turn those back on and see how things are working?

Here is the OTL log you requested:


OTL logfile created on: 4/19/2012 2:19:56 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Brett\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 568.64 Mb Available Physical Memory | 55.59% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 1533 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 12.72 Gb Free Space | 11.38% Space Free | Partition Type: NTFS

Computer Name: D1JST321 | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brett\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe ()
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Creative\ShareDLL\Mediadet.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\SYSTEM32\nvapi.dll ()
MOD - C:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (NeroRegInCDSrv) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Omniquad MyPrivacy) -- C:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe ()
SRV - (papycpu2) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu2.sys ()
SRV - (papyjoy) -- C:\WINDOWS\SYSTEM32\DRIVERS\papyjoy.sys ()
SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)
SRV - (papycpu) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu.sys ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (Video3D) -- System32\Drivers\Video3D.sys File not found
DRV - (STEAMDVR) -- C:\Program Files\Valve\Steam\bin\x86\SteamDvr.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (Pcouffin) -- System32\Drivers\Pcouffin.sys File not found
DRV - (PCIDump) -- File not found
DRV - (MCSTRM) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (iAimTV2) -- System32\DRIVERS\wATV03nt.sys File not found
DRV - (EnumChip) -- D:\Driver\Gart\EnumChip.sys File not found
DRV - (ElbyVCD) -- System32\DRIVERS\ElbyVCD.sys File not found
DRV - (dvwyantk) -- C:\WINDOWS\system32\drivers\dvwyantk.sys File not found
DRV - (cportclm) -- C:\DOCUME~1\Brett\LOCALS~1\Temp\cportclm.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Brett\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PLTurbo) -- C:\WINDOWS\SYSTEM32\DRIVERS\plturbo.sys (Prolific Technology Inc.)
DRV - (PLTurbh) -- C:\WINDOWS\SYSTEM32\DRIVERS\plturbh.sys (Prolific Technology Inc.)
DRV - (InCDfs) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDrec.sys (Nero AG)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys ()
DRV - (SQTECH905C) -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys (Service & Quality Technology.)
DRV - (EIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\SYSTEM32\DRIVERS\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp02.sys (Protection Technology)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (WmAdiHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmAdiHid.sys (Logitech Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (QCMerced) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvcm.sys (Logitech Inc.)
DRV - (papycpu2) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\SYSTEM32\DRIVERS\papyjoy.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (msgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\msgame.sys (Microsoft Corporation)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (papycpu) -- C:\WINDOWS\SYSTEM32\DRIVERS\papycpu.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxphoenix.com/
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes,DefaultScope = {3EBF1CD0-8060-4743-A6AD-F7AEA9913DAF}
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\SearchScopes\{3EBF1CD0-8060-4743-A6AD-F7AEA9913DAF}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.worldnetdaily.com"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Brett\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Brett\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/28 12:21:20 | 000,000,000 | ---D | M]

[2009/11/29 10:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions
[2012/04/17 17:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\vfhoecka.default\extensions
[2008/04/17 19:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/08/27 13:44:42 | 001,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2012/04/18 22:52:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2520005336-1761281869-3217430149-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O15 - HKU\.DEFAULT\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1303829183048 (MUCatalogWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128738097484 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.101.28.100/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.games.yahoo.com/games/clients/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Poker http://download.games.yahoo.com/games/clients/y/pt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F8132-20B2-414E-8B8F-A85F7D0A5DDD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 09:12:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brett\Desktop\aswMBR.exe
[2012/04/19 07:59:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/19 07:57:02 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\tdsskiller.exe
[2012/04/18 23:10:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/18 22:01:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/18 07:08:16 | 004,466,721 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/04/17 13:49:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/16 23:41:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/04/16 23:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/16 13:33:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brett\Recent
[2012/04/16 12:53:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/04/16 09:48:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/28 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/03/28 12:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/03/28 12:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCatcher
[2012/03/28 12:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DreamCatcher
[2012/03/26 10:24:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/25 12:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/25 12:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[959 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[28 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 14:20:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 13:41:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/04/19 13:39:39 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 13:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/04/19 13:37:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 10:52:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\MBR.dat
[2012/04/19 09:12:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brett\Desktop\aswMBR.exe
[2012/04/19 07:57:08 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\tdsskiller.exe
[2012/04/18 22:52:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012/04/18 07:08:30 | 004,466,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/04/16 23:41:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/04/16 23:12:58 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\SecurityCheck.exe
[2012/04/16 15:36:43 | 000,131,143 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\gmer.zip
[2012/04/16 12:53:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/04/16 12:49:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brett\defogger_reenable
[2012/04/16 12:47:31 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\Defogger.exe
[2012/04/16 11:42:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/16 09:25:42 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\WiNlOgOn.exe
[2012/04/15 23:05:29 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/12 11:53:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 10:32:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/11 18:16:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/04/05 13:21:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/29 16:14:37 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/28 20:51:32 | 000,000,310 | -HS- | M] () -- C:\BOOT.INI
[2012/03/28 09:53:34 | 000,461,740 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/03/28 09:53:34 | 000,076,474 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/03/25 12:57:22 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/03/25 10:23:29 | 000,650,988 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\TaxReturn 2011 - Turbo Tax.pdf
[2012/03/23 17:10:27 | 000,004,017 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\Healthcare_(FSA)_Transactions.csv
[959 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/19 10:52:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\MBR.dat
[2012/04/17 13:49:55 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/16 23:12:58 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\SecurityCheck.exe
[2012/04/16 23:03:36 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/04/16 23:03:36 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
[2012/04/16 23:03:36 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Journal Viewer.lnk
[2012/04/16 23:03:36 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/16 23:03:36 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/04/16 23:03:36 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Dell Jukebox by musicmatch.lnk
[2012/04/16 23:03:36 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2012/04/16 23:03:36 | 000,001,435 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
[2012/04/16 23:03:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/16 23:03:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/16 23:03:36 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/16 23:03:36 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/16 23:03:36 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/04/16 23:03:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/16 23:03:35 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
[2012/04/16 23:03:35 | 000,001,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\USBFast.lnk
[2012/04/16 23:03:34 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/04/16 23:03:33 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2012/04/16 23:03:32 | 000,002,529 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/04/16 23:03:32 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/04/16 23:03:32 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/04/16 23:03:32 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2012/04/16 23:03:32 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/16 23:03:32 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/04/16 23:03:32 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/04/16 23:03:32 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/16 23:03:32 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Express 7.0.lnk
[2012/04/16 23:03:32 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Photo 2002.lnk
[2012/04/16 23:03:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/16 23:03:27 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2012/04/16 15:36:42 | 000,131,143 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\gmer.zip
[2012/04/16 12:49:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brett\defogger_reenable
[2012/04/16 12:47:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\Defogger.exe
[2012/04/16 09:25:39 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\WiNlOgOn.exe
[2012/04/15 22:54:54 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/27 17:03:20 | 000,359,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2520005336-1761281869-3217430149-1006-0.dat
[2012/03/25 18:10:23 | 000,359,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/25 12:57:22 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/03/25 10:23:27 | 000,650,988 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\TaxReturn 2011 - Turbo Tax.pdf
[2012/03/23 17:10:27 | 000,004,017 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\Healthcare_(FSA)_Transactions.csv
[2012/03/08 14:28:36 | 000,088,056 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/03 12:01:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/03 12:01:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/03 12:01:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/03 12:01:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/03 12:01:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/21 14:38:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/17 17:11:27 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/18 01:43:55 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Brett\Application Data\default.pls
[2010/04/25 16:21:01 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2010/04/25 16:20:59 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2010/04/25 16:20:56 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2010/04/25 16:20:56 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI

< End of report >

#14 gringo_pr

  • Malware Response Team

Posted 19 April 2012 - 09:27 PM

Turn everything back on and go for a spin, and let me know how things are doing.


gringo

#15 bman2011

  • Topic Starter

  • Members

Posted 20 April 2012 - 01:35 AM

Hello Gringo,

Everything seems to be much better...have not noticed any HDD SMART virus occurrences, and the re-directs from Google and Bing searches are no longer happening. Speed has improved. Seems to be much better than before. Is there any further cleanup that can be done at this point to improve things further?

bman2011



