Cannot access any files or applications


  • This topic is locked
49 replies to this topic

#1 philsphan

  • Members
  • 65 posts

Posted 24 June 2012 - 01:17 PM

I ran DDS and GMER in safe mode per Broni's instruction. I ran DDS twice and GMER once. DDS froze up and did not create a log at all. The popups on my desktop (in normal operating mode) tell me to run an HDD scan, all my files are in danger, etc. All of my files and applications are gone. I may be able to do a screenshot if that helps. I cannot access any browsers in normal operating mode. I'm running XP Media Edition. In safe mode I can't access a browser if I log into my personal desktop.
Hmmm. What should I try next?
Thanks

Edited by philsphan, 24 June 2012 - 01:25 PM.




#2 philsphan

  • Topic Starter
  • Members
  • 65 posts

Posted 24 June 2012 - 01:24 PM

OK, here is the GMER log.
DDS created no log.

Attached Files

  • Attached File  ark.txt   957bytes   2 downloads


#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 June 2012 - 11:48 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe

After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 philsphan

  • Topic Starter
  • Members
  • 65 posts

Posted 25 June 2012 - 08:45 PM

OK, thanks. Is it OK to do this all in safe mode? That's the only way I have access.
I got most of my files back, and here are the Security Check results:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (Firefox,. Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 25 June 2012 - 08:59 PM

Go ahead and try in normal mode first; if it will not run, then go ahead and do it in safe mode.


I will be waiting for the OTL report for when it is done



gringo

#6 philsphan

  • Topic Starter
  • Members
  • 65 posts

Posted 25 June 2012 - 08:59 PM

OTL logfile created on: 6/25/2012 6:49:15 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 85.67% Memory free
3.20 Gb Paging File | 3.10 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 150.28 Gb Free Space | 67.00% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.78% Space Free | Partition Type: FAT32

Computer Name: DONVEGAS | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (nsak) -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\nsak.sys File not found
DRV - (NDISKIO) -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\ndiskio.sys File not found
DRV - (MCSTRM) -- File not found
DRV - (MagicTune) -- system32\drivers\MTiCtwl.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\lvpr2mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\lvmvdrv.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\lv302v32.sys (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\rtkhdaud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\nvenetfd.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\ps2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\hsxhwbs2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\hsx_dp.sys (Conexant Systems, Inc.)
DRV - (ftsata2) -- C:\WINDOWS\system32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\amdk8.sys (Advanced Micro Devices)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\drivers\bb-run.sys (Promise Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 19:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 22:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/21 21:33:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/05/04 21:19:26 | 000,000,000 | ---D | M]

[2008/06/20 18:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2012/03/17 09:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qtifvy6p.default\extensions
[2009/12/06 19:57:44 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qtifvy6p.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/05/30 09:55:21 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qtifvy6p.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/03/17 09:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/08 19:14:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/29 22:06:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/03/17 09:10:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/17 09:10:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/24 21:26:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HDFDEdWnhRJWy.exe] C:\Documents and Settings\All Users\Application Data\HDFDEdWnhRJWy.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2892036255-277483593-1327984950-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DCEA51-327B-4EF2-9209-B29EAA56CCB7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 18:46:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2012/06/25 18:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 18:11:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2012/06/23 16:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 08:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/28 07:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\moon 5
[2011/01/16 21:20:35 | 000,585,728 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\Compaq_Administrator\HPAsset.exe
[2011/01/16 21:20:35 | 000,040,960 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\Compaq_Administrator\hpmonZ.exe
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 18:46:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2012/06/25 18:40:21 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe
[2012/06/25 18:33:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/25 18:09:22 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/25 17:54:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 17:23:53 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/06/22 22:51:10 | 000,344,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HDFDEdWnhRJWy.exe
[2012/06/13 06:45:57 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 03:14:36 | 000,483,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 03:14:36 | 000,080,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:12:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/03 20:23:36 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/28 07:23:43 | 000,019,459 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\moon.jpg
[2012/05/27 21:11:28 | 002,313,565 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090022.JPG
[2012/05/27 21:10:22 | 002,210,281 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090020.JPG
[2012/05/27 21:09:58 | 002,244,790 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090019.JPG
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 18:36:10 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe
[2012/06/25 18:32:06 | 000,002,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk
[2012/06/25 18:32:06 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/06/25 18:32:06 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/06/25 18:32:06 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012/06/25 18:32:06 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2012/06/25 18:32:06 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/06/25 18:32:06 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/06/25 18:32:06 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/06/25 18:32:06 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/25 18:32:06 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/25 18:32:06 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2012/06/25 18:32:06 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DISCover My Games™.lnk
[2012/06/25 18:32:06 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/25 18:32:06 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2012/06/25 18:32:06 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/25 18:32:06 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/06/25 18:32:06 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/25 18:32:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/25 18:32:06 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/06/25 18:32:06 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/06/25 18:32:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/06/25 18:32:05 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/06/25 18:32:05 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Play.lnk
[2012/06/25 18:32:05 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\DISCover My Games™.lnk
[2012/06/22 22:53:24 | 000,344,824 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\HDFDEdWnhRJWy.exe
[2012/05/28 07:23:43 | 000,019,459 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\moon.jpg
[2012/05/27 22:03:16 | 002,244,790 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090019.JPG
[2012/05/27 22:03:13 | 002,210,281 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090020.JPG
[2012/05/27 22:03:10 | 002,313,565 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\P1090022.JPG
[2012/02/25 23:42:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/04 07:36:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vlilavidifexe.dat
[2011/06/02 21:21:39 | 000,000,446 | RHS- | C] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.pol
[2011/05/24 20:20:08 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15458084
[2011/01/16 21:20:55 | 000,288,688 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\hpasset.xml
[2011/01/16 21:20:36 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\SMSTUB16.DMP
[2011/01/16 21:20:35 | 000,036,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Dscan16.dll
[2011/01/16 21:20:35 | 000,017,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Smstub16.exe
[2011/01/16 21:20:35 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Smstub16.pif
[2010/12/31 12:16:08 | 000,826,925 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2892036255-277483593-1327984950-1007-0.dat
[2010/12/31 12:16:07 | 000,205,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/01 22:09:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\czyiwa.dat
[2008/12/23 21:36:47 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\mcs.rma
[2008/12/23 21:36:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\98C262
[2008/06/10 19:08:37 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2007/09/01 23:38:30 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 20:15:26 | 000,002,591 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >
[2008/10/15 18:57:43 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\desktop.ini
[2008/10/15 21:11:26 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Get OpenOffice.org.lnk
[2006/09/20 19:43:30 | 000,001,130 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\MSN Encarta Standard.lnk
[2008/05/18 13:48:33 | 000,000,776 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\PokerStars.net.lnk
[2008/10/15 18:57:43 | 000,001,571 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2005/08/30 21:02:10 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/10/15 19:46:59 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2006/09/20 19:46:27 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
[2005/08/30 20:59:54 | 000,000,150 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
[2006/01/20 22:46:36 | 000,000,876 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DISCover My Games™.lnk
[2006/09/20 19:42:33 | 000,001,609 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVD Play.lnk
[2006/09/20 19:08:55 | 000,001,474 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Media Center.lnk
[2006/09/20 19:44:33 | 000,001,775 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2006/09/20 19:44:33 | 000,001,701 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2011/04/04 19:00:28 | 000,000,738 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2006/09/20 19:56:02 | 000,001,936 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2007/01/20 17:40:21 | 000,000,963 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
[2005/08/30 20:58:06 | 000,000,609 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2005/08/30 20:59:54 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2010/12/15 20:50:18 | 000,001,506 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2009/02/07 22:22:29 | 000,000,255 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2011/07/06 00:04:42 | 000,001,523 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/10/15 18:57:31 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2009/02/07 22:22:29 | 000,000,718 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2005/08/30 20:58:06 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2005/08/30 20:58:06 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2005/08/30 20:58:06 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2008/10/15 19:00:21 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2005/08/30 20:58:06 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/10/11 16:39:56 | 000,001,765 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2005/08/30 20:59:42 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2005/08/30 20:55:52 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/10/15 19:00:21 | 000,001,664 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2006/09/20 19:29:39 | 000,000,283 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
[2006/09/20 19:29:39 | 000,001,613 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
[2006/09/20 19:29:39 | 000,001,720 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
[2006/09/20 19:29:39 | 000,001,601 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
[2005/08/30 20:58:06 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2005/08/30 20:58:06 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2005/08/30 20:58:06 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2005/08/30 20:58:04 | 000,001,478 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center.lnk
[2006/09/20 19:42:33 | 000,001,859 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\DVD Play Setting.lnk
[2006/09/20 19:06:50 | 000,000,711 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\Otto.lnk
[2006/09/20 19:26:23 | 000,000,811 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2006/09/20 19:26:23 | 000,000,904 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2005/08/30 21:02:10 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2005/08/30 20:58:06 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2005/08/30 21:02:10 | 000,000,757 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2009/07/05 17:04:44 | 000,001,540 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/07/05 17:25:51 | 000,001,580 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2005/08/30 21:02:10 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2005/08/30 20:59:50 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2005/08/30 20:59:46 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2005/08/30 20:59:48 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2005/08/30 20:57:40 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2010/05/30 09:05:35 | 000,001,610 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2005/08/30 21:02:10 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2005/08/30 21:02:10 | 000,000,545 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2005/08/30 21:02:10 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2005/08/30 21:02:10 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2006/09/20 19:05:24 | 000,001,115 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2006/09/20 19:05:24 | 000,001,166 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2005/08/30 21:02:10 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2005/08/30 21:02:10 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2011/01/23 09:22:09 | 000,000,495 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\AoA DVD Copy\AoA DVD Copy on the Web.lnk
[2011/01/23 09:22:08 | 000,000,690 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\AoA DVD Copy\AoA DVD Copy.lnk
[2011/01/23 09:22:09 | 000,000,646 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\AoA DVD Copy\HELP.lnk
[2011/01/23 09:22:09 | 000,000,670 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\AoA DVD Copy\Uninstall AoA DVD Copy.lnk
[2007/01/29 20:42:54 | 000,001,790 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update\Apple Software Update.lnk
[2012/05/11 08:00:59 | 000,001,710 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira Free Antivirus Help.lnk
[2012/05/11 08:00:59 | 000,001,726 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira on the Internet.lnk
[2012/05/11 08:00:59 | 000,000,855 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Display readme.lnk
[2012/05/11 08:00:59 | 000,001,733 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Start Avira Free Antivirus.lnk
[2009/07/23 21:02:51 | 000,000,465 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\COWON Media Center - jetAudio.lnk
[2009/07/23 21:02:56 | 000,000,459 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetCast.lnk
[2009/07/23 21:02:51 | 000,000,485 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\Audio Mixing Recorder.lnk
[2009/07/23 21:02:51 | 000,000,465 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\Audio Trimmer.lnk
[2009/07/23 21:02:50 | 000,000,465 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\jetLogo - Logo Maker for COWON Players.lnk
[2009/07/23 21:02:50 | 000,000,471 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\jetShell - Smart Backup & Device Manager for COWON Players.lnk
[2009/07/23 21:02:51 | 000,000,471 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\Lyric Maker.lnk
[2009/07/23 21:02:56 | 000,000,475 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\Video Converter.lnk
[2009/07/23 21:02:56 | 000,000,481 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON Media Center - jetAudio\jetToys\Video Format Converter to AVI.lnk
[2009/03/24 07:18:34 | 000,000,525 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\COWON\D2+\COWON D2+ English User's Guide.lnk
[2011/01/23 09:22:24 | 000,000,701 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVD43\DVD43.lnk
[2009/06/13 17:00:10 | 000,000,806 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Fix components.lnk
[2009/06/13 17:00:09 | 000,000,826 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Free Studio Manager.lnk
[2009/06/13 17:00:09 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Uninstall.lnk
[2009/06/13 17:00:01 | 000,000,979 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free Audio Converter.lnk
[2010/12/21 21:15:48 | 000,000,993 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Freemake\ Freemake Video Converter.lnk
[2006/09/20 19:40:00 | 000,002,129 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\- My HP Game Console -.lnk
[2006/09/20 19:29:53 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
[2005/08/30 20:58:06 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2005/08/30 20:58:06 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2006/09/20 19:29:53 | 000,000,921 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2006/09/20 19:29:53 | 000,000,921 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2006/09/20 19:29:53 | 000,000,921 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2006/09/20 19:29:53 | 000,000,921 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2006/09/20 19:29:53 | 000,000,921 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2005/08/30 20:58:06 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2005/08/30 20:58:06 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2005/08/30 20:58:06 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2005/08/30 20:58:06 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2008/01/21 14:17:54 | 000,000,709 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\HP Album Printing.lnk
[2008/01/21 14:17:55 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\HP Photo and Imaging Director.lnk
[2008/01/21 14:17:55 | 000,000,717 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\HP Photo and Imaging Software Help.lnk
[2008/01/21 14:17:54 | 000,001,005 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\HP Product Support Website.lnk
[2008/01/21 14:17:55 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Image Editor.lnk
[2008/01/21 14:17:55 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Photo Gallery.lnk
[2008/01/21 14:17:54 | 000,000,685 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Product Registration.lnk
[2008/01/21 14:17:55 | 000,000,963 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Product Tour.lnk
[2008/01/21 14:17:54 | 000,000,697 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Readme.lnk
[2008/01/21 14:17:54 | 000,001,089 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\HP Officejet 4100 Series\Uninstall Software.lnk
[2007/05/12 15:18:35 | 000,000,697 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Help.lnk
[2007/05/12 15:18:34 | 000,000,701 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\License.lnk
[2007/05/12 15:18:34 | 000,000,687 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Memories Disc.lnk
[2007/05/12 15:18:34 | 000,000,697 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\Memories Disc\Readme.lnk
[2010/05/30 12:58:07 | 000,001,754 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HijackThis\HijackThis.lnk
[2006/09/20 20:05:10 | 000,001,587 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals\Symantec Security Check.lnk
[2006/09/20 19:31:47 | 000,001,895 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Express.lnk
[2006/09/20 19:31:16 | 000,000,918 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Premier.lnk
[2006/09/20 19:31:47 | 000,001,835 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Transfer.lnk
[2006/09/20 19:31:00 | 000,001,892 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Tour.lnk
[2006/09/20 19:42:07 | 000,001,836 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Update.lnk
[2008/03/31 22:10:15 | 000,001,836 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Update.lnk
[2008/03/31 22:09:41 | 000,001,766 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\HP\Shop for HP Supplies.lnk
[2009/06/22 19:36:35 | 000,000,631 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Last.fm\Go to www.last.fm.lnk
[2009/06/22 19:36:35 | 000,000,631 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Last.fm\Last.fm.lnk
[2009/06/22 19:36:35 | 000,000,643 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Last.fm\Uninstall Last.fm.lnk
[2006/09/20 19:36:18 | 000,001,819 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Express Labeler.lnk
[2006/09/20 19:41:41 | 000,001,798 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2012/01/17 21:03:42 | 000,002,457 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech QuickCam.lnk
[2012/05/04 20:03:14 | 000,000,804 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
[2012/05/04 20:03:14 | 000,000,804 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
[2012/05/04 20:03:14 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
[2012/05/04 20:03:14 | 000,000,955 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
[2007/02/28 20:19:19 | 000,002,044 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk
[2007/03/03 20:52:30 | 000,002,495 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk
[2007/02/28 20:19:19 | 000,002,036 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2003.lnk
[2007/02/28 20:19:19 | 000,002,022 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2007/02/28 20:19:19 | 000,001,988 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2007/02/28 20:19:19 | 000,001,902 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk
[2007/02/28 20:19:19 | 000,001,908 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk
[2007/02/28 20:19:19 | 000,001,876 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2007/02/28 20:19:19 | 000,002,140 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2007/02/28 20:19:19 | 000,002,142 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2007/02/28 20:19:19 | 000,001,964 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2012/05/19 03:00:59 | 000,001,992 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2006/09/20 19:44:33 | 000,001,543 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2006/09/20 19:44:33 | 000,001,901 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2006/09/20 19:44:33 | 000,002,032 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2006/09/20 19:44:33 | 000,001,689 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2006/09/20 19:44:33 | 000,001,671 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2006/09/20 19:44:33 | 000,001,707 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2006/09/20 19:44:33 | 000,001,691 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2006/09/20 19:44:33 | 000,000,840 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
[2006/09/20 19:39:59 | 000,002,129 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\My HP Games\- My HP Game Console -.lnk
[2006/09/20 19:35:04 | 000,001,767 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Netscape\Netscape Browser.lnk
[2006/09/20 19:35:04 | 000,001,767 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Netscape\Uninstall.lnk
[2010/08/20 23:01:13 | 000,000,845 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\Lumix\ZS7_ZS6_ZS5\ZS7_ZS6_ZS5 Operating Instructions.lnk
[2009/03/29 21:28:01 | 000,000,639 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\SDFormatter V2.0\Readme.lnk
[2009/03/29 21:28:01 | 000,000,663 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\SDFormatter V2.0\SDFormatter V2.0.lnk
[2006/09/20 19:52:27 | 000,001,842 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Advanced Troubleshooting Tools.lnk
[2006/09/20 19:45:12 | 000,001,581 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq Application Recovery.lnk
[2006/09/20 19:49:44 | 000,001,911 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq Connections.lnk
[2006/09/20 19:45:13 | 000,001,571 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq Recovery CD-DVD Creator.lnk
[2006/09/20 19:45:13 | 000,001,694 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq Recovery Tools CD.lnk
[2006/09/20 19:12:30 | 000,000,598 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq support information.lnk
[2006/09/20 19:45:13 | 000,001,579 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Compaq System Recovery.lnk
[2006/09/20 19:53:38 | 000,001,710 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\PC-Doctor 5 for Windows.lnk
[2006/02/16 08:32:10 | 000,001,647 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\PC-Doctor Offline DOS Diagnostic.lnk
[2006/09/20 19:45:35 | 000,000,731 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Software Repair Wizard.lnk
[2006/09/20 19:45:14 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\System Restore.lnk
[2009/01/02 00:54:33 | 000,000,685 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Photo Viewer\Photo Viewer.lnk
[2008/05/18 13:48:33 | 000,000,736 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\Network Status.lnk
[2008/05/18 13:48:31 | 000,000,788 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\PokerStars.net.lnk
[2008/05/18 13:48:33 | 000,000,839 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\Uninstall PokerStars.net.lnk
[2008/06/13 20:08:27 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2008/06/13 20:08:27 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2009/03/30 19:54:16 | 000,002,199 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2008/06/13 20:08:28 | 000,001,647 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2006/09/20 19:34:28 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
[2006/09/20 19:34:28 | 000,000,581 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
[2006/09/20 19:34:28 | 000,000,679 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk
[2006/09/20 19:34:28 | 000,000,840 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk
[2006/09/20 19:34:28 | 000,000,859 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Subscription.lnk
[2006/09/20 19:34:28 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer.lnk
[2006/09/20 19:34:28 | 000,000,948 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Uninstall RealPlayer.lnk
[2006/09/20 19:35:30 | 000,000,650 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Check Web For Update.lnk
[2006/09/20 19:35:30 | 000,000,650 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
[2006/09/20 19:35:30 | 000,000,732 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Rhapsody\Uninstall.lnk
[2012/04/09 07:15:50 | 000,002,277 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2006/09/20 19:49:08 | 000,001,711 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Snapfish for your photos\Snapfish for your photos.lnk
[2009/02/25 08:11:59 | 000,000,842 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
[2009/02/25 08:11:58 | 000,000,953 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
[2009/02/25 08:11:59 | 000,000,959 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
[2007/01/27 22:08:43 | 000,000,969 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk
[2009/02/25 08:11:59 | 000,000,969 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
[2009/02/25 08:11:59 | 000,000,883 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
[2005/08/30 21:02:10 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
[2011/10/24 21:29:41 | 000,000,723 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Stellarium\config.ini.lnk
[2011/10/24 21:29:41 | 000,000,707 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Stellarium\Last run log.lnk
[2011/10/24 21:29:41 | 000,001,634 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Stellarium\Stellarium (no OpenGL2).lnk
[2011/10/24 21:29:41 | 000,001,610 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Stellarium\Stellarium.lnk
[2011/10/24 21:29:41 | 000,000,660 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Stellarium\Uninstall Stellarium.lnk
[2010/06/04 20:04:29 | 000,001,642 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\BootSafe.lnk
[2010/06/04 20:04:29 | 000,001,626 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
[2010/06/04 20:04:29 | 000,001,698 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk
[2010/06/04 20:04:29 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
[2010/06/04 20:04:29 | 000,001,720 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
[2006/09/20 19:54:13 | 000,001,423 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Getting Started Guide.lnk
[2006/09/20 19:53:46 | 000,001,435 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Media Center Software Guide.lnk
[2006/09/20 19:54:01 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Safety & Comfort Guide.lnk
[2006/09/20 19:54:07 | 000,001,459 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\User's Guides\Upgrading and Servicing Guide.lnk
[2011/09/27 07:40:56 | 000,000,795 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Documentation.lnk
[2011/09/27 07:40:56 | 000,000,746 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Release Notes.lnk
[2011/09/27 07:40:56 | 000,000,835 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk
[2011/09/27 07:40:56 | 000,000,810 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VideoLAN Website.lnk
[2011/09/27 07:40:56 | 000,000,755 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VLC media player skinned.lnk
[2011/09/27 07:40:56 | 000,000,739 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VLC media player.lnk
[2005/08/30 20:57:30 | 000,001,082 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Audio Converter.lnk
[2005/08/30 20:57:30 | 000,000,897 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows CD Label Maker.lnk
[2005/08/30 20:57:30 | 000,000,979 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Dancer.lnk
[2005/08/30 20:57:30 | 000,001,032 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Digital Media Enhancements\Windows Party Mode.lnk
[2011/01/21 08:16:10 | 000,001,698 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
[2011/01/21 08:16:46 | 000,001,847 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
[2011/01/14 08:29:34 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Getting Started.lnk
[2011/01/14 08:29:35 | 000,001,609 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Quick Reference.lnk
[2011/01/14 08:29:34 | 000,001,629 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Release Notes.lnk
[2011/01/14 08:29:34 | 000,001,614 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\User Guide.lnk
[2011/01/14 08:29:38 | 000,001,987 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Windows PowerShell.lnk
[2009/01/15 00:04:05 | 000,000,693 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\Console RAR manual.lnk
[2009/01/15 00:04:05 | 000,000,712 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR help.lnk
[2009/01/15 00:04:05 | 000,000,712 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
[2008/10/15 19:15:30 | 000,000,170 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\desktop.ini
[2006/01/20 15:46:36 | 000,000,876 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\DISCover My Games™.lnk
[2008/10/15 19:15:17 | 000,000,787 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2007/01/20 15:27:15 | 000,001,486 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Media Center.lnk
[2011/04/04 19:00:28 | 000,000,750 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2006/09/20 12:39:59 | 000,002,135 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\My HP Games.lnk
[2006/09/20 19:35:04 | 000,001,773 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Netscape Browser.lnk
[2008/05/18 13:48:33 | 000,000,794 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\PokerStars.net.lnk
[2008/06/13 20:08:27 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\QuickTime Player.lnk
[2006/09/20 12:34:33 | 000,000,923 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\RealPlayer.lnk
[2006/09/20 12:35:30 | 000,000,656 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Rhapsody.lnk
[2005/08/30 14:06:40 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2008/02/26 22:57:43 | 000,000,959 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Spybot - Search & Destroy.lnk
[2008/12/21 01:51:18 | 000,000,808 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE

< End of report >

#7 philsphan


Posted 25 June 2012 - 09:01 PM

normal mode just freezes up due to all the malware

#8 philsphan


Posted 25 June 2012 - 11:20 PM

Update: rebooted in normal operating mode and files are gone again. Should I repeat the previous procedures?

#9 gringo_pr


Posted 25 June 2012 - 11:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 philsphan


Posted 26 June 2012 - 10:50 AM

Update: I tried to run Combofix in normal operating mode but was unsuccessful. I kept getting a popup which read "Windows cannot find NIRKMD". I left it overnight but it was frozen, so I turned the machine off. Combofix got to the point where the screen was blue and was scanning for malware.
Should I run again in safe mode?

#11 gringo_pr


Posted 26 June 2012 - 01:25 PM

  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#12 philsphan


Posted 26 June 2012 - 08:54 PM

ran in safemode

ComboFix 12-06-26.02 - Compaq_Administrator 06/26/2012 18:38:25.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1701 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\15458084
c:\documents and settings\All Users\Application Data\HDFDEdWnhRJWy.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator\Application Data\98C262
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Windows Server
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Windows Server\flags.ini.vir
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Windows Server\uses32.dat.vir
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETC2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-23 15:35 . 2012-06-23 15:35 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-10 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-10 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-10 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2004-08-10 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-10 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-10 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-10 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-02-07 22:28 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-02-07 22:28 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2009-02-07 22:28 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 04:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:16 . 2008-06-11 02:11 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-10 11:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 04:00 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 17:20 . 2012-05-11 15:00 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-25 07:32 . 2012-05-11 15:00 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-20 19:29 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2012-04-17 04:18 . 2012-05-11 15:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-04 22:56 . 2011-05-27 06:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-05-09 02:14 . 2011-04-05 02:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-21 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-20 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-20 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk
backup=c:\windows\pss\hp officejet 4100 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-26 00:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5/11/2012 8:00 AM 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/11/2012 8:00 AM 86224]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 7:14 PM 129976]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\ndiskio.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\nsak.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\00000c69.nmc\nse\bin\nsak.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page =
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = <local>
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qtifvy6p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HDFDEdWnhRJWy.exe - c:\documents and settings\All Users\Application Data\HDFDEdWnhRJWy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 18:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2012-06-26 18:51:16
ComboFix-quarantined-files.txt 2012-06-27 01:50
.
Pre-Run: 161,392,443,392 bytes free
Post-Run: 161,674,317,824 bytes free
.
- - End Of File - - 7DC18DAE47515E435DA3C89200237AA0

#13 gringo_pr


Posted 26 June 2012 - 09:06 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 philsphan


Posted 26 June 2012 - 09:54 PM

19:46:04.0953 1644 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
19:46:05.0328 1644 ============================================================
19:46:05.0328 1644 Current date / time: 2012/06/26 19:46:05.0328
19:46:05.0328 1644 SystemInfo:
19:46:05.0328 1644
19:46:05.0328 1644 OS Version: 5.1.2600 ServicePack: 3.0
19:46:05.0328 1644 Product type: Workstation
19:46:05.0328 1644 ComputerName: DONVEGAS
19:46:05.0328 1644 UserName: Compaq_Administrator
19:46:05.0328 1644 Windows directory: C:\WINDOWS
19:46:05.0328 1644 System windows directory: C:\WINDOWS
19:46:05.0328 1644 Processor architecture: Intel x86
19:46:05.0328 1644 Number of processors: 1
19:46:05.0328 1644 Page size: 0x1000
19:46:05.0328 1644 Boot type: Safe boot with network
19:46:05.0328 1644 ============================================================
19:46:06.0968 1644 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:46:07.0015 1644 ============================================================
19:46:07.0015 1644 \Device\Harddisk0\DR0:
19:46:07.0015 1644 MBR partitions:
19:46:07.0015 1644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C09B531
19:46:07.0015 1644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C09F080, BlocksNum 0x1125150
19:46:07.0015 1644 ============================================================
19:46:07.0031 1644 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:07.0062 1644 D: <-> \Device\Harddisk0\DR0\Partition1
19:46:07.0062 1644 ============================================================
19:46:07.0062 1644 Initialize success
19:46:07.0062 1644 ============================================================
19:46:12.0843 1284 ============================================================
19:46:12.0843 1284 Scan started
19:46:12.0843 1284 Mode: Manual;
19:46:12.0843 1284 ============================================================
19:46:15.0562 1284 Abiosdsk - ok
19:46:15.0578 1284 abp480n5 - ok
19:46:15.0656 1284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:46:15.0656 1284 ACPI - ok
19:46:15.0703 1284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:46:15.0703 1284 ACPIEC - ok
19:46:15.0718 1284 adpu160m - ok
19:46:15.0781 1284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:46:15.0781 1284 aec - ok
19:46:15.0843 1284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:46:15.0843 1284 AFD - ok
19:46:15.0859 1284 Aha154x - ok
19:46:15.0890 1284 aic78u2 - ok
19:46:15.0906 1284 aic78xx - ok
19:46:15.0968 1284 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:46:15.0968 1284 Alerter - ok
19:46:16.0031 1284 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:46:16.0031 1284 ALG - ok
19:46:16.0062 1284 AliIde - ok
19:46:16.0093 1284 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:46:16.0093 1284 AmdK8 - ok
19:46:16.0125 1284 amsint - ok
19:46:16.0312 1284 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:46:16.0312 1284 AntiVirSchedulerService - ok
19:46:16.0390 1284 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:46:16.0390 1284 AntiVirService - ok
19:46:16.0453 1284 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:46:16.0468 1284 AppMgmt - ok
19:46:16.0500 1284 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
19:46:16.0500 1284 aracpi - ok
19:46:16.0546 1284 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
19:46:16.0546 1284 arhidfltr - ok
19:46:16.0609 1284 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
19:46:16.0609 1284 arkbcfltr - ok
19:46:16.0687 1284 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
19:46:16.0687 1284 armoucfltr - ok
19:46:16.0765 1284 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:46:16.0765 1284 Arp1394 - ok
19:46:16.0781 1284 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
19:46:16.0781 1284 ARPolicy - ok
19:46:16.0812 1284 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
19:46:16.0812 1284 ARSVC - ok
19:46:16.0843 1284 asc - ok
19:46:16.0875 1284 asc3350p - ok
19:46:16.0890 1284 asc3550 - ok
19:46:17.0078 1284 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:46:17.0093 1284 aspnet_state - ok
19:46:17.0140 1284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:46:17.0140 1284 AsyncMac - ok
19:46:17.0203 1284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:46:17.0203 1284 atapi - ok
19:46:17.0234 1284 Atdisk - ok
19:46:17.0312 1284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:46:17.0312 1284 Atmarpc - ok
19:46:17.0375 1284 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:46:17.0375 1284 AudioSrv - ok
19:46:17.0390 1284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:46:17.0390 1284 audstub - ok
19:46:17.0421 1284 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:46:17.0421 1284 avgntflt - ok
19:46:17.0453 1284 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:46:17.0453 1284 avipbb - ok
19:46:17.0484 1284 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:46:17.0484 1284 avkmgr - ok
19:46:17.0546 1284 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
19:46:17.0562 1284 bb-run - ok
19:46:17.0593 1284 BCM43XX (ae96075a3aed5c40f1ead477ea94acd7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:46:17.0593 1284 BCM43XX - ok
19:46:17.0687 1284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:46:17.0687 1284 Beep - ok
19:46:17.0765 1284 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:46:17.0781 1284 BITS - ok
19:46:17.0859 1284 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:46:17.0859 1284 Browser - ok
19:46:18.0062 1284 catchme - ok
19:46:18.0093 1284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:46:18.0093 1284 cbidf2k - ok
19:46:18.0140 1284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:46:18.0140 1284 CCDECODE - ok
19:46:18.0171 1284 cd20xrnt - ok
19:46:18.0218 1284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:46:18.0218 1284 Cdaudio - ok
19:46:18.0265 1284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:46:18.0265 1284 Cdfs - ok
19:46:18.0328 1284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:46:18.0328 1284 Cdrom - ok
19:46:18.0343 1284 Changer - ok
19:46:18.0421 1284 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:46:18.0421 1284 CiSvc - ok
19:46:18.0437 1284 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:46:18.0437 1284 ClipSrv - ok
19:46:18.0484 1284 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:18.0484 1284 clr_optimization_v2.0.50727_32 - ok
19:46:18.0625 1284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:18.0625 1284 clr_optimization_v4.0.30319_32 - ok
19:46:18.0640 1284 CmdIde - ok
19:46:18.0671 1284 COMSysApp - ok
19:46:18.0718 1284 Cpqarray - ok
19:46:18.0781 1284 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:46:18.0781 1284 CryptSvc - ok
19:46:18.0796 1284 dac2w2k - ok
19:46:18.0828 1284 dac960nt - ok
19:46:18.0906 1284 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:46:18.0906 1284 DcomLaunch - ok
19:46:18.0984 1284 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:46:18.0984 1284 Dhcp - ok
19:46:19.0000 1284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:46:19.0000 1284 Disk - ok
19:46:19.0015 1284 dmadmin - ok
19:46:19.0125 1284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:46:19.0125 1284 dmboot - ok
19:46:19.0171 1284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:46:19.0171 1284 dmio - ok
19:46:19.0234 1284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:46:19.0234 1284 dmload - ok
19:46:19.0281 1284 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:46:19.0281 1284 dmserver - ok
19:46:19.0312 1284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:46:19.0312 1284 DMusic - ok
19:46:19.0390 1284 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:46:19.0390 1284 Dnscache - ok
19:46:19.0453 1284 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:46:19.0453 1284 Dot3svc - ok
19:46:19.0484 1284 dpti2o - ok
19:46:19.0546 1284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:46:19.0546 1284 drmkaud - ok
19:46:19.0625 1284 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
19:46:19.0625 1284 dvd43llh - ok
19:46:19.0687 1284 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:46:19.0687 1284 EapHost - ok
19:46:19.0843 1284 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
19:46:19.0843 1284 ehRecvr - ok
19:46:19.0906 1284 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
19:46:19.0906 1284 ehSched - ok
19:46:19.0921 1284 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:46:19.0921 1284 ERSvc - ok
19:46:19.0968 1284 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:19.0984 1284 Eventlog - ok
19:46:20.0062 1284 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:46:20.0062 1284 EventSystem - ok
19:46:20.0109 1284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:46:20.0109 1284 Fastfat - ok
19:46:20.0171 1284 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:20.0171 1284 FastUserSwitchingCompatibility - ok
19:46:20.0250 1284 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
19:46:20.0250 1284 Fax - ok
19:46:20.0312 1284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:46:20.0312 1284 Fdc - ok
19:46:20.0375 1284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:46:20.0375 1284 Fips - ok
19:46:20.0421 1284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:46:20.0421 1284 Flpydisk - ok
19:46:20.0468 1284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:46:20.0468 1284 FltMgr - ok
19:46:20.0609 1284 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:46:20.0609 1284 FontCache3.0.0.0 - ok
19:46:20.0640 1284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:46:20.0640 1284 Fs_Rec - ok
19:46:20.0703 1284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:46:20.0703 1284 Ftdisk - ok
19:46:20.0734 1284 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
19:46:20.0734 1284 ftsata2 - ok
19:46:20.0812 1284 GearAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\drivers\gearaspiwdm.sys
19:46:20.0812 1284 GearAspiWDM - ok
19:46:20.0875 1284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:46:20.0875 1284 Gpc - ok
19:46:20.0953 1284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:46:20.0953 1284 HDAudBus - ok
19:46:21.0046 1284 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:46:21.0046 1284 helpsvc - ok
19:46:21.0062 1284 HidServ - ok
19:46:21.0109 1284 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:46:21.0109 1284 hkmsvc - ok
19:46:21.0140 1284 hpn - ok
19:46:21.0218 1284 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
19:46:21.0218 1284 HSXHWBS2 - ok
19:46:21.0281 1284 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
19:46:21.0296 1284 HSX_DP - ok
19:46:21.0375 1284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:46:21.0375 1284 HTTP - ok
19:46:21.0437 1284 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:46:21.0437 1284 HTTPFilter - ok
19:46:21.0453 1284 i2omgmt - ok
19:46:21.0468 1284 i2omp - ok
19:46:21.0531 1284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:46:21.0531 1284 i8042prt - ok
19:46:21.0734 1284 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:46:21.0734 1284 IDriverT - ok
19:46:21.0828 1284 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:46:21.0828 1284 idsvc - ok
19:46:21.0859 1284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:46:21.0875 1284 Imapi - ok
19:46:21.0937 1284 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:46:21.0937 1284 ImapiService - ok
19:46:21.0968 1284 ini910u - ok
19:46:22.0250 1284 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:46:22.0281 1284 IntcAzAudAddService - ok
19:46:22.0453 1284 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:46:22.0468 1284 IntelIde - ok
19:46:22.0500 1284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:46:22.0500 1284 intelppm - ok
19:46:22.0531 1284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:46:22.0531 1284 Ip6Fw - ok
19:46:22.0546 1284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:46:22.0546 1284 IpInIp - ok
19:46:22.0625 1284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:46:22.0625 1284 IpNat - ok
19:46:22.0687 1284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:46:22.0687 1284 IPSec - ok
19:46:22.0734 1284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:46:22.0734 1284 IRENUM - ok
19:46:22.0765 1284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:46:22.0765 1284 isapnp - ok
19:46:22.0921 1284 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
19:46:22.0921 1284 JavaQuickStarterService - ok
19:46:22.0953 1284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:46:22.0953 1284 Kbdclass - ok
19:46:22.0984 1284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:46:22.0984 1284 kmixer - ok
19:46:23.0031 1284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:46:23.0031 1284 KSecDD - ok
19:46:23.0078 1284 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:46:23.0078 1284 lanmanserver - ok
19:46:23.0156 1284 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:46:23.0156 1284 lanmanworkstation - ok
19:46:23.0187 1284 lbrtfdc - ok
19:46:23.0328 1284 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:46:23.0328 1284 LightScribeService - ok
19:46:23.0390 1284 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:46:23.0390 1284 LmHosts - ok
19:46:23.0546 1284 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
19:46:23.0562 1284 LVcKap - ok
19:46:23.0687 1284 LVCOMSer (9e41266c68c11d7101a2d18cd1f7553e) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
19:46:23.0687 1284 LVCOMSer - ok
19:46:23.0906 1284 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
19:46:23.0921 1284 LVMVDrv - ok
19:46:24.0078 1284 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:46:24.0078 1284 LVPr2Mon - ok
19:46:24.0109 1284 LVPrcSrv (85c2e84bc1224c75a20b5560d5a15db9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:46:24.0109 1284 LVPrcSrv - ok
19:46:24.0156 1284 LVSrvLauncher (656180e9c0c5199520972426c44bc2f0) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
19:46:24.0156 1284 LVSrvLauncher - ok
19:46:24.0187 1284 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
19:46:24.0187 1284 LVUSBSta - ok
19:46:24.0218 1284 MagicTune - ok
19:46:24.0343 1284 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
19:46:24.0343 1284 McrdSvc - ok
19:46:24.0359 1284 MCSTRM - ok
19:46:24.0390 1284 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:46:24.0390 1284 mdmxsdk - ok
19:46:24.0453 1284 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:46:24.0453 1284 Messenger - ok
19:46:24.0531 1284 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
19:46:24.0531 1284 MHN - ok
19:46:24.0578 1284 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:46:24.0578 1284 MHNDRV - ok
19:46:24.0656 1284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:24.0656 1284 mnmdd - ok
19:46:24.0734 1284 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:46:24.0734 1284 mnmsrvc - ok
19:46:24.0828 1284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:46:24.0828 1284 Modem - ok
19:46:24.0875 1284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:24.0875 1284 Mouclass - ok
19:46:24.0906 1284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:24.0906 1284 MountMgr - ok
19:46:24.0984 1284 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:46:24.0984 1284 MozillaMaintenance - ok
19:46:25.0015 1284 mraid35x - ok
19:46:25.0078 1284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:25.0093 1284 MRxDAV - ok
19:46:25.0171 1284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:25.0171 1284 MRxSmb - ok
19:46:25.0203 1284 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:46:25.0203 1284 MSDTC - ok
19:46:25.0234 1284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:46:25.0234 1284 Msfs - ok
19:46:25.0265 1284 MSIServer - ok
19:46:25.0312 1284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:25.0312 1284 MSKSSRV - ok
19:46:25.0328 1284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:25.0328 1284 MSPCLOCK - ok
19:46:25.0375 1284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:25.0375 1284 MSPQM - ok
19:46:25.0453 1284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:25.0453 1284 mssmbios - ok
19:46:25.0500 1284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:46:25.0500 1284 MSTEE - ok
19:46:25.0546 1284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:46:25.0546 1284 Mup - ok
19:46:25.0593 1284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:46:25.0593 1284 NABTSFEC - ok
19:46:25.0703 1284 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:46:25.0703 1284 napagent - ok
19:46:25.0750 1284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:46:25.0750 1284 NDIS - ok
19:46:25.0812 1284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:46:25.0828 1284 NdisIP - ok
19:46:26.0000 1284 NDISKIO - ok
19:46:26.0046 1284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:26.0046 1284 NdisTapi - ok
19:46:26.0125 1284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:26.0125 1284 Ndisuio - ok
19:46:26.0171 1284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:26.0171 1284 NdisWan - ok
19:46:26.0203 1284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:26.0203 1284 NDProxy - ok
19:46:26.0234 1284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:26.0234 1284 NetBIOS - ok
19:46:26.0296 1284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:26.0296 1284 NetBT - ok
19:46:26.0359 1284 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:26.0359 1284 NetDDE - ok
19:46:26.0390 1284 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:26.0390 1284 NetDDEdsdm - ok
19:46:26.0453 1284 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:26.0453 1284 Netlogon - ok
19:46:26.0546 1284 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:46:26.0546 1284 Netman - ok
19:46:26.0687 1284 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:26.0687 1284 NetTcpPortSharing - ok
19:46:26.0734 1284 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:46:26.0734 1284 NIC1394 - ok
19:46:26.0812 1284 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:46:26.0828 1284 Nla - ok
19:46:26.0890 1284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:46:26.0890 1284 Npfs - ok
19:46:26.0921 1284 nsak - ok
19:46:27.0015 1284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:27.0031 1284 Ntfs - ok
19:46:27.0046 1284 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:27.0046 1284 NtLmSsp - ok
19:46:27.0093 1284 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:46:27.0109 1284 NtmsSvc - ok
19:46:27.0187 1284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:46:27.0187 1284 Null - ok
19:46:27.0406 1284 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:46:27.0421 1284 nv - ok
19:46:27.0609 1284 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:46:27.0625 1284 NVENETFD - ok
19:46:27.0687 1284 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:46:27.0687 1284 nvnetbus - ok
19:46:27.0765 1284 NVSvc (b0903c021bfcd6055c053a569ef98aef) C:\WINDOWS\system32\nvsvc32.exe
19:46:27.0765 1284 NVSvc - ok
19:46:27.0828 1284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:27.0828 1284 NwlnkFlt - ok
19:46:27.0890 1284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:27.0890 1284 NwlnkFwd - ok
19:46:27.0937 1284 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:46:27.0937 1284 ohci1394 - ok
19:46:27.0984 1284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:46:27.0984 1284 Parport - ok
19:46:28.0015 1284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:28.0015 1284 PartMgr - ok
19:46:28.0062 1284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:28.0062 1284 ParVdm - ok
19:46:28.0078 1284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:28.0078 1284 PCI - ok
19:46:28.0109 1284 PCIDump - ok
19:46:28.0125 1284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:46:28.0125 1284 PCIIde - ok
19:46:28.0156 1284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:46:28.0156 1284 Pcmcia - ok
19:46:28.0187 1284 PDCOMP - ok
19:46:28.0203 1284 PDFRAME - ok
19:46:28.0234 1284 PDRELI - ok
19:46:28.0250 1284 PDRFRAME - ok
19:46:28.0328 1284 pepifilter (0896002d1efcd08859a41c9db34ad84c) C:\WINDOWS\system32\DRIVERS\lv302af.sys
19:46:28.0328 1284 pepifilter - ok
19:46:28.0343 1284 perc2 - ok
19:46:28.0375 1284 perc2hib - ok
19:46:28.0500 1284 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:46:28.0500 1284 PID_PEPI - ok
19:46:28.0609 1284 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:28.0609 1284 PlugPlay - ok
19:46:28.0656 1284 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:28.0656 1284 PolicyAgent - ok
19:46:28.0734 1284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:28.0734 1284 PptpMiniport - ok
19:46:28.0765 1284 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:46:28.0765 1284 Processor - ok
19:46:28.0796 1284 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:28.0796 1284 ProtectedStorage - ok
19:46:28.0812 1284 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:46:28.0812 1284 Ps2 - ok
19:46:28.0843 1284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:28.0843 1284 PSched - ok
19:46:28.0859 1284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:28.0859 1284 Ptilink - ok
19:46:28.0890 1284 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:46:28.0890 1284 PxHelp20 - ok
19:46:28.0921 1284 ql1080 - ok
19:46:28.0937 1284 Ql10wnt - ok
19:46:28.0968 1284 ql12160 - ok
19:46:29.0000 1284 ql1240 - ok
19:46:29.0015 1284 ql1280 - ok
19:46:29.0046 1284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:29.0046 1284 RasAcd - ok
19:46:29.0125 1284 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:46:29.0125 1284 RasAuto - ok
19:46:29.0140 1284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:29.0140 1284 Rasl2tp - ok
19:46:29.0218 1284 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:46:29.0218 1284 RasMan - ok
19:46:29.0250 1284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:29.0250 1284 RasPppoe - ok
19:46:29.0281 1284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:29.0281 1284 Raspti - ok
19:46:29.0312 1284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:29.0312 1284 Rdbss - ok
19:46:29.0343 1284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:29.0343 1284 RDPCDD - ok
19:46:29.0390 1284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:46:29.0390 1284 rdpdr - ok
19:46:29.0468 1284 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:29.0484 1284 RDPWD - ok
19:46:29.0531 1284 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:46:29.0531 1284 RDSessMgr - ok
19:46:29.0578 1284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:29.0578 1284 redbook - ok
19:46:29.0671 1284 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:46:29.0671 1284 RemoteAccess - ok
19:46:29.0750 1284 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:46:29.0750 1284 RemoteRegistry - ok
19:46:29.0828 1284 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:46:29.0828 1284 RpcLocator - ok
19:46:29.0875 1284 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:46:29.0875 1284 RpcSs - ok
19:46:29.0921 1284 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:46:29.0937 1284 RSVP - ok
19:46:29.0984 1284 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:46:29.0984 1284 rtl8139 - ok
19:46:30.0015 1284 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:30.0015 1284 SamSs - ok
19:46:30.0156 1284 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:46:30.0156 1284 SASDIFSV - ok
19:46:30.0187 1284 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:46:30.0187 1284 SASKUTIL - ok
19:46:30.0218 1284 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:46:30.0218 1284 SCardSvr - ok
19:46:30.0265 1284 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:46:30.0265 1284 Schedule - ok
19:46:30.0328 1284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:30.0328 1284 Secdrv - ok
19:46:30.0359 1284 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:46:30.0359 1284 seclogon - ok
19:46:30.0375 1284 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:46:30.0375 1284 SENS - ok
19:46:30.0437 1284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:46:30.0437 1284 Serial - ok
19:46:30.0531 1284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:30.0531 1284 Sfloppy - ok
19:46:30.0593 1284 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:46:30.0593 1284 SharedAccess - ok
19:46:30.0671 1284 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:30.0687 1284 ShellHWDetection - ok
19:46:30.0703 1284 Simbad - ok
19:46:30.0781 1284 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
19:46:30.0781 1284 SkypeUpdate - ok
19:46:30.0843 1284 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:46:30.0843 1284 SLIP - ok
19:46:30.0890 1284 Sparrow - ok
19:46:30.0937 1284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:46:30.0937 1284 splitter - ok
19:46:30.0984 1284 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:46:31.0000 1284 Spooler - ok
19:46:31.0031 1284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:31.0031 1284 sr - ok
19:46:31.0093 1284 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:46:31.0093 1284 srservice - ok
19:46:31.0156 1284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:31.0156 1284 Srv - ok
19:46:31.0234 1284 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:46:31.0234 1284 SSDPSRV - ok
19:46:31.0312 1284 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:46:31.0312 1284 ssmdrv - ok
19:46:31.0390 1284 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:46:31.0390 1284 stisvc - ok
19:46:31.0437 1284 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:46:31.0437 1284 streamip - ok
19:46:31.0500 1284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:31.0500 1284 swenum - ok
19:46:31.0562 1284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:46:31.0562 1284 swmidi - ok
19:46:31.0562 1284 SwPrv - ok
19:46:31.0609 1284 symc810 - ok
19:46:31.0640 1284 symc8xx - ok
19:46:31.0750 1284 SYMIDSCO - ok
19:46:31.0765 1284 sym_hi - ok
19:46:31.0796 1284 sym_u3 - ok
19:46:31.0859 1284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:31.0859 1284 sysaudio - ok
19:46:31.0921 1284 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:46:31.0937 1284 SysmonLog - ok
19:46:32.0015 1284 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:46:32.0015 1284 TapiSrv - ok
19:46:32.0062 1284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:32.0062 1284 Tcpip - ok
19:46:32.0125 1284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:32.0125 1284 TDPIPE - ok
19:46:32.0187 1284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:32.0187 1284 TDTCP - ok
19:46:32.0234 1284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:32.0234 1284 TermDD - ok
19:46:32.0312 1284 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:46:32.0328 1284 TermService - ok
19:46:32.0406 1284 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:32.0406 1284 Themes - ok
19:46:32.0453 1284 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:46:32.0453 1284 TlntSvr - ok
19:46:32.0468 1284 TosIde - ok
19:46:32.0484 1284 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:46:32.0500 1284 TrkWks - ok
19:46:32.0546 1284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:46:32.0546 1284 Udfs - ok
19:46:32.0578 1284 ultra - ok
19:46:32.0625 1284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:46:32.0625 1284 Update - ok
19:46:32.0703 1284 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:46:32.0703 1284 upnphost - ok
19:46:32.0765 1284 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:46:32.0765 1284 UPS - ok
19:46:32.0843 1284 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:46:32.0843 1284 usbaudio - ok
19:46:32.0921 1284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:32.0921 1284 usbccgp - ok
19:46:33.0000 1284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:46:33.0000 1284 usbehci - ok
19:46:33.0046 1284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:33.0046 1284 usbhub - ok
19:46:33.0109 1284 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:46:33.0109 1284 usbohci - ok
19:46:33.0156 1284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:33.0156 1284 usbscan - ok
19:46:33.0171 1284 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:33.0171 1284 usbstor - ok
19:46:33.0187 1284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:33.0187 1284 usbuhci - ok
19:46:33.0250 1284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:46:33.0250 1284 VgaSave - ok
19:46:33.0312 1284 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:46:33.0312 1284 ViaIde - ok
19:46:33.0359 1284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:33.0359 1284 VolSnap - ok
19:46:33.0406 1284 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:46:33.0421 1284 VSS - ok
19:46:33.0453 1284 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:46:33.0453 1284 W32Time - ok
19:46:33.0546 1284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:33.0546 1284 Wanarp - ok
19:46:33.0562 1284 WDICA - ok
19:46:33.0640 1284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:33.0640 1284 wdmaud - ok
19:46:33.0703 1284 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:46:33.0703 1284 WebClient - ok
19:46:33.0796 1284 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:46:33.0796 1284 winachsx - ok
19:46:33.0921 1284 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:33.0921 1284 winmgmt - ok
19:46:34.0031 1284 WMDM PMSP Service (5b6da8f4f5047d6df51e1c38fc57d4d9) C:\WINDOWS\system32\MsPMSPSv.exe
19:46:34.0031 1284 WMDM PMSP Service - ok
19:46:34.0093 1284 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:46:34.0109 1284 WmdmPmSN - ok
19:46:34.0187 1284 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:46:34.0187 1284 Wmi - ok
19:46:34.0281 1284 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:46:34.0281 1284 WmiApSrv - ok
19:46:34.0484 1284 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:46:34.0484 1284 WMPNetworkSvc - ok
19:46:34.0593 1284 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:46:34.0593 1284 WpdUsb - ok
19:46:34.0875 1284 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:46:34.0875 1284 WPFFontCache_v0400 - ok
19:46:34.0937 1284 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:46:34.0937 1284 WS2IFSL - ok
19:46:35.0000 1284 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:46:35.0000 1284 wscsvc - ok
19:46:35.0062 1284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:46:35.0062 1284 WSTCODEC - ok
19:46:35.0125 1284 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:46:35.0125 1284 wuauserv - ok
19:46:35.0187 1284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:46:35.0187 1284 WudfPf - ok
19:46:35.0265 1284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:46:35.0265 1284 WudfRd - ok
19:46:35.0328 1284 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:46:35.0328 1284 WudfSvc - ok
19:46:35.0406 1284 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:46:35.0421 1284 WZCSVC - ok
19:46:35.0484 1284 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:46:35.0484 1284 xmlprov - ok
19:46:35.0593 1284 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:46:35.0593 1284 YahooAUService - ok
19:46:35.0671 1284 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
19:46:35.0734 1284 \Device\Harddisk0\DR0 - ok
19:46:35.0750 1284 Boot (0x1200) (c4131d85c64949f0dff2a97b51cb7492) \Device\Harddisk0\DR0\Partition0
19:46:35.0750 1284 \Device\Harddisk0\DR0\Partition0 - ok
19:46:35.0781 1284 Boot (0x1200) (344cd58e6c042cae850bcebb1b79cd68) \Device\Harddisk0\DR0\Partition1
19:46:35.0781 1284 \Device\Harddisk0\DR0\Partition1 - ok
19:46:35.0781 1284 ============================================================
19:46:35.0781 1284 Scan finished
19:46:35.0781 1284 ============================================================
19:46:35.0812 0564 Detected object count: 0
19:46:35.0812 0564 Actual detected object count: 0

#15 philsphan


Posted 26 June 2012 - 10:05 PM

FYI this was all done in safe mode

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 19:59:14
-----------------------------
19:59:14.609 OS Version: Windows 5.1.2600 Service Pack 3
19:59:14.609 Number of processors: 1 586 0x3702
19:59:14.609 ComputerName: DONVEGAS UserName:
19:59:15.171 Initialize success
19:59:45.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
19:59:45.015 Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
19:59:45.062 Disk 0 MBR read successfully
19:59:45.062 Disk 0 MBR scan
19:59:45.078 Disk 0 unknown MBR code
19:59:45.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229686 MB offset 63
19:59:45.140 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8778 MB offset 470413440
19:59:45.171 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488391120
19:59:45.187 Disk 0 scanning sectors +488397152
19:59:45.234 Disk 0 scanning C:\WINDOWS\system32\drivers
19:59:56.296 Service scanning
20:00:15.828 Modules scanning
20:00:29.953 Disk 0 trace - called modules:
20:00:30.000 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:00:30.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a661958]
20:00:30.187 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a7459e8]
20:00:30.281 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a744940]
20:00:30.375 Scan finished successfully
20:02:40.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
20:02:40.250 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"



