Jump to content

trojan.agent


Recommended Posts

Hi there! Got a problem.. Malwarebytes finds this but isn't able to remove it. Asks to restart, then on another scan, it finds it again... Please help! Thanks! :)

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:34:58 PM, on 8/1/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mwt.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mwt.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKLM\..\Policies\Explorer\Run: [33924] C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8971 bytes

Malware log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.01.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Robbie :: HP [limited]

8/1/2012 6:14:00 PM

mbam-log-2012-08-01 (18-39-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 202556

Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|33924 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Robbie at 19:19:14 on 2012-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1915 [GMT -5:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

mDefault_Page_URL = hxxp://www.mwt.net

mStart Page = hxxp://www.mwt.net

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p

mExplorerRun: [33924] C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.11.1

TCP: Interfaces\{75081439-6511-4FE4-9286-F9DF40E99390} : DhcpNameServer = 192.168.11.1

TCP: Interfaces\{75081439-6511-4FE4-9286-F9DF40E99390}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 10.68.20.108 10.68.20.102

TCP: Interfaces\{75081439-6511-4FE4-9286-F9DF40E99390}\C696E6B6379737 : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{75081439-6511-4FE4-9286-F9DF40E99390}\D427F564275646F503030313 : DhcpNameServer = 192.168.1.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRunOnce-x64: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/20 10:19:19];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-1-20 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-7-7 275912]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-2-27 250056]

S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-5 135664]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-5 135664]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-26 573224]

.

=============== Created Last 30 ================

.

2012-08-01 23:08:45 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-08-01 13:54:38 -------- d-----w- C:\Program Files\Paint.NET

2012-08-01 13:54:04 -------- d-----w- C:\Users\Robbie\AppData\Local\Paint.NET

2012-07-31 13:28:57 134672 ----a-w- C:\Windows\RegBootClean64.exe

2012-07-27 23:11:06 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-07-27 23:11:06 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-07-20 21:21:50 -------- d-----w- C:\Users\Robbie\Calibre Library

2012-07-20 21:21:37 -------- d-----w- C:\Users\Robbie\AppData\Roaming\calibre

2012-07-20 21:10:14 -------- d-----w- C:\Program Files (x86)\Calibre2

2012-07-20 20:47:01 -------- d-----w- C:\Users\Robbie\Books

2012-07-13 00:18:30 -------- d-----w- C:\Program Files (x86)\MyFree Codec

2012-07-12 22:54:42 -------- d-----w- C:\Users\Robbie\AppData\Local\Samsung

2012-07-12 22:54:40 -------- d-----w- C:\Users\Robbie\AppData\Roaming\Samsung

2012-07-12 22:49:12 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-07-12 22:48:46 -------- d-----w- C:\Program Files (x86)\MarkAny

2012-07-12 22:48:45 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll

2012-07-12 22:48:15 -------- d-----w- C:\ProgramData\Samsung

2012-07-12 22:48:15 -------- d-----w- C:\Program Files (x86)\Samsung

2012-07-09 15:35:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-07 15:56:13 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys

2012-07-07 15:56:13 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys

2012-07-07 15:56:11 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys

2012-07-07 15:56:05 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys

2012-07-07 15:56:05 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys

2012-07-07 15:56:05 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2012-07-07 15:54:58 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat

2012-07-07 15:41:51 -------- d-----w- C:\Program Files (x86)\Trend Micro

.

==================== Find3M ====================

.

2012-08-01 19:05:50 21520 ----a-w- C:\Windows\DCEBoot64.exe

2012-07-17 11:54:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-17 11:54:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-17 13:30:45 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-06-17 13:30:45 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

.

============= FINISH: 19:20:16.95 ===============

Attatch.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2010 4:19:08 PM

System Uptime: 8/1/2012 5:46:35 PM (2 hours ago)

.

Motherboard: Quanta | | 3638

Processor: AMD Turion II Ultra Dual-Core Mobile M600 | Socket S1G3 | 2400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 450 GiB total, 191.574 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 2.519 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart 2570 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart 2570 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart 6510 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart 6510 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: tmeevw

Device ID: ROOT\LEGACY_TMEEVW\0000

Manufacturer:

Name: tmeevw

PNP Device ID: ROOT\LEGACY_TMEEVW\0000

Service: tmeevw

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart 2570 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart 2570 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP564: 6/28/2012 12:00:01 AM - Scheduled Checkpoint

RP565: 7/5/2012 12:28:36 AM - Scheduled Checkpoint

RP566: 7/12/2012 5:47:32 PM - Installed Samsung Kies

RP567: 7/20/2012 12:00:01 AM - Scheduled Checkpoint

RP568: 7/20/2012 4:09:23 PM - Installed calibre

RP569: 7/27/2012 8:38:04 PM - Scheduled Checkpoint

RP571: 8/1/2012 8:54:09 AM - Paint.NET v3.5.10

.

==== Installed Programs ======================

.

µTorrent

2570

2570_Help

2570Trb

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

AMD USB Filter Driver

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

Audacity 1.3.11 (Unicode)

AutoUpdate

BufferChm

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Copy

CyberLink DVD Suite

DBPix20

Destinations

DeviceDiscovery

DivX

DocProc

DVD Shrink 3.2

ExpertGPS 4.36

Facebook Messenger 2.1.4520.0

FastStone Image Viewer 4.6

Fax

FileHippo.com Update Checker

Free YouTube Downloader Plus V 7.4.0

FrostWire 4.21.8

Garmin BaseCamp

Garmin City Navigator North America NT 2010.40

Garmin Lifetime Updater

Garmin MapSource

Garmin Trip and Waypoint Manager v5

Garmin USB Drivers

Google Earth

Google SketchUp 8

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.1.0

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hoyle Card Games 2010 (remove only)

Hoyle Puzzle & Board Games 2010 (remove only)

Hoyle Slots 2010 (remove only)

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP Quick Launch Buttons

HP Setup

HP Support Assistant

HP Update

HP User Guides 0153

HP Wireless Assistant

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

IDT Audio

Java Auto Updater

Java 6 Update 24

LabelPrint

LAME v3.98.3 for Audacity

LightScribe Applications

LightScribe System Software

LightScribe Template Designs - Animal Pack 1

LightScribe Template Designs - Art Pack 1

LightScribe Template Designs - Athletic Pack 1

LightScribe Template Designs - Fantasy Pack 1

LightScribe Template Designs - Grab Bag Pack 1

LightScribe Template Designs - Hobby Pack 1

LightScribe Template Designs - Music Pack 1

LightScribe Template Designs - Mythology Pack 1

LightScribe Template Designs - Tattoo Pack 1

LightScribe Template Labeler

Louisiana ci20/10

LOUISIANA TOPO

Malwarebytes Anti-Malware version 1.62.0.1300

MapSend Lite

MapSend Manager

MarketResearch

Microsoft Office Access Runtime (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Modern Ballistics

Mozilla Thunderbird 14.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Nero 7 Ultra Edition

Nero BurnLite 10

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

neroxml

PhotoNow!

Pinnacle Instant DVD Recorder

Power2Go

PowerDirector

PowerRecover

QLBCASL

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Samsung Kies

Scan

SeaMonkey (2.9)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shooter for Windows

SmartWebPrinting

SolutionCenter

Status

Studio 10.8 Patch

swMSM

Toolbox

TrayApp

Try Corel Snapfire muvee autoProducer add on

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VantagePoint

VLC media player 2.0.3

Vuze

WebReg

Winamp

Winamp Detector Plug-in

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Center Add-in for Flash

Windows Media Center Add-in for Silverlight

Windows Media Encoder 9 Series

WordWeb

XnView 1.97.6

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

8/1/2012 8:35:52 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/1/2012 8:35:52 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/1/2012 8:35:23 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

8/1/2012 6:30:09 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

8/1/2012 6:17:52 PM, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.

8/1/2012 5:51:59 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

8/1/2012 5:48:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/1/2012 5:46:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCLEPCI

8/1/2012 5:46:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/1/2012 5:46:56 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/1/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/1/2012 5:46:43 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/1/2012 2:19:30 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).

7/27/2012 6:07:34 PM, Error: Service Control Manager [7000] - The dgderdrv service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

RogueKiller:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Robbie [Admin rights]

Mode: Scan -- Date: 08/01/2012 19:23:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[sUSP PATH] HKLM\[...]\Policies\Explorer\Run : 33924 (C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe) -> FOUND

[sUSP PATH] HKLM\[...]\Wow6432Node\Policies\Explorer\Run : 33924 (C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : c:\users\robbie\appdata\roaming\adobe\plugs --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L --> FOUND

[ZeroAccess][FOLDER] U : c:\users\robbie\appdata\local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\robbie\appdata\local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++

--- User ---

[MBR] d1e41d6eb1523095bbce8e31a6b3dcfc

[bSP] 7642e7a786131a3ca407809e18555274 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460936 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944406528 | Size: 15700 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

Then.................

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 01-08-2012 20:05:06

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304792 2012-02-27] (Trend Micro Inc.)

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213824 2012-02-27] (Trend Micro Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)

HKU\Default\...\Policies\system: [WallpaperStyle] 2

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)

HKU\Default User\...\Policies\system: [WallpaperStyle] 2

HKU\Robbie\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung)

HKU\Robbie\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] ()

HKU\Robbie\...\Policies\system: [WallpaperStyle] 2

HKLM-x32\...\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [217672 2012-07-03] ()

HKLM\...\Policies\Explorer\Run: [33924] C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll

==================== Services (Whitelisted) ======

4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)

4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()

4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

========================== Drivers (Whitelisted) =============

3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2011-11-05] (CSR/PLT)

3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36168 2012-08-01] ()

1 PCLEPCI; C:\Windows\SysWow64\Drivers\PCLEPCI.sys [14165 2005-02-09] (Pinnacle Systems GmbH)

1 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [91920 2012-07-07] (Trend Micro Inc.)

1 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [167696 2012-07-07] (Trend Micro Inc.)

3 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [67344 2012-07-07] (Trend Micro Inc.)

1 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [70928 2012-07-07] (Trend Micro Inc.)

3 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [210704 2012-07-07] (Trend Micro Inc.)

1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-07-07] (Trend Micro Inc.)

2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-09] (CyberLink Corp.)

3 ATICDSDr; \??\C:\Users\Robbie\AppData\Local\Temp\ATICDSDr.sys [x]

3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]

4 eabfiltr; [x]

3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]

3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [x]

2 TMAgent; [x]

3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-01 20:05 - 2012-08-01 20:05 - 00000000 ____D C:\FRST

2012-08-01 16:44 - 2012-08-01 16:44 - 01438391 ____A (Farbar) C:\Users\Robbie\Desktop\FRST64.exe

2012-08-01 16:23 - 2012-08-01 16:23 - 00003058 ____A C:\Users\Robbie\Desktop\RKreport[1].txt

2012-08-01 16:22 - 2012-08-01 16:23 - 00000000 ____D C:\Users\Robbie\Desktop\RK_Quarantine

2012-08-01 16:22 - 2012-08-01 16:22 - 01552384 ____A C:\Users\Robbie\Desktop\RogueKiller.exe

2012-08-01 16:18 - 2012-08-01 16:18 - 00607260 ____R (Swearware) C:\Users\Robbie\Desktop\dds.scr

2012-08-01 16:17 - 2012-08-01 16:17 - 00607260 ____A (Swearware) C:\Users\Robbie\Downloads\dds.scr

2012-08-01 15:34 - 2012-08-01 15:34 - 00002093 ____A C:\Users\Robbie\Desktop\HijackThis.lnk

2012-08-01 15:08 - 2012-08-01 15:08 - 00036168 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-08-01 11:16 - 2012-08-01 11:16 - 00864770 ____A C:\Users\Robbie\AppData\Local\census.cache

2012-08-01 11:15 - 2012-08-01 11:15 - 00130659 ____A C:\Users\Robbie\AppData\Local\ars.cache

2012-08-01 11:07 - 2012-08-01 11:20 - 00000036 ____A C:\Users\Robbie\AppData\Local\housecall.guid.cache

2012-08-01 10:54 - 2012-08-01 10:54 - 00093184 ____A C:\Users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-01 07:02 - 2012-08-01 11:33 - 00000000 ____A C:\Windows\DCEBOOT.LOG

2012-08-01 06:41 - 2012-08-01 11:33 - 00005770 ____A C:\Windows\PFRO.log

2012-08-01 06:41 - 2012-08-01 06:41 - 00350688 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-01 06:40 - 2012-08-01 17:00 - 00001680 ____A C:\Windows\setupact.log

2012-08-01 06:40 - 2012-08-01 06:40 - 00000000 ____A C:\Windows\setuperr.log

2012-08-01 05:54 - 2012-08-01 05:57 - 00000000 ____D C:\Users\Robbie\AppData\Local\Paint.NET

2012-08-01 05:54 - 2012-08-01 05:55 - 00000000 ____D C:\Program Files\Paint.NET

2012-08-01 05:51 - 2012-08-01 05:53 - 03756544 ____A C:\Users\Robbie\Downloads\Paint.NET.3.5.10.Install.exe

2012-07-31 05:28 - 2012-07-31 05:29 - 00134672 ____A C:\Windows\RegBootClean64.exe

2012-07-27 15:11 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-07-27 15:11 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-07-20 13:21 - 2012-07-22 11:51 - 00000000 ____D C:\Users\Robbie\Calibre Library

2012-07-20 13:21 - 2012-07-20 13:30 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\calibre

2012-07-20 13:10 - 2012-07-20 13:10 - 00000000 ____D C:\Program Files (x86)\Calibre2

2012-07-20 12:47 - 2012-07-24 16:24 - 00000000 ____D C:\Users\Robbie\Books

2012-07-18 06:11 - 2012-07-25 19:04 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRobbie.job

2012-07-16 17:35 - 2012-07-31 12:13 - 00000000 ____D C:\Users\Robbie\Desktop\Cuddy

2012-07-12 16:18 - 2012-07-12 16:18 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2012-07-12 15:20 - 2012-08-01 05:25 - 00000000 ____D C:\Users\Robbie\Documents\SelfMV

2012-07-12 14:54 - 2012-07-12 14:54 - 00000000 ____D C:\Users\Robbie\Documents\samsung

2012-07-12 14:54 - 2012-07-12 14:54 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Samsung

2012-07-12 14:54 - 2012-07-12 14:54 - 00000000 ____D C:\Users\Robbie\AppData\Local\Samsung

2012-07-12 14:49 - 2012-06-26 13:03 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2012-07-12 14:48 - 2012-07-12 14:50 - 00000000 ____D C:\Program Files (x86)\Samsung

2012-07-12 14:48 - 2012-07-12 14:49 - 00000000 ____D C:\Users\All Users\Samsung

2012-07-12 14:48 - 2012-07-12 14:48 - 00000000 ____D C:\Program Files (x86)\MarkAny

2012-07-12 14:48 - 2012-06-26 13:02 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll

2012-07-12 05:41 - 2012-07-12 05:41 - 00656377 ____A C:\Users\Robbie\Downloads\BonPlayer-1.3.0.0-setup.exe

2012-07-09 07:35 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-09 07:34 - 2012-07-09 07:34 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Robbie\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-07 07:56 - 2012-07-07 07:41 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys

2012-07-07 07:56 - 2012-07-07 07:41 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-07-07 07:56 - 2012-07-07 07:41 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2012-07-07 07:56 - 2012-07-07 07:41 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2012-07-07 07:56 - 2012-07-07 07:41 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2012-07-07 07:56 - 2012-07-07 07:41 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys

2012-07-07 07:54 - 2012-07-07 07:54 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2012-07-07 07:41 - 2012-08-01 15:34 - 00000000 ____D C:\Program Files (x86)\Trend Micro

============ 3 Months Modified Files ========================

2012-08-01 17:00 - 2012-08-01 06:40 - 00001680 ____A C:\Windows\setupact.log

2012-08-01 16:50 - 2009-07-13 21:13 - 00742252 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-01 16:44 - 2012-08-01 16:44 - 01438391 ____A (Farbar) C:\Users\Robbie\Desktop\FRST64.exe

2012-08-01 16:23 - 2012-08-01 16:23 - 00003058 ____A C:\Users\Robbie\Desktop\RKreport[1].txt

2012-08-01 16:22 - 2012-08-01 16:22 - 01552384 ____A C:\Users\Robbie\Desktop\RogueKiller.exe

2012-08-01 16:18 - 2012-08-01 16:18 - 00607260 ____R (Swearware) C:\Users\Robbie\Desktop\dds.scr

2012-08-01 16:17 - 2012-08-01 16:17 - 00607260 ____A (Swearware) C:\Users\Robbie\Downloads\dds.scr

2012-08-01 16:03 - 2012-02-27 12:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-01 15:34 - 2012-08-01 15:34 - 00002093 ____A C:\Users\Robbie\Desktop\HijackThis.lnk

2012-08-01 15:08 - 2012-08-01 15:08 - 00036168 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-08-01 14:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-01 14:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-01 14:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-01 11:33 - 2012-08-01 07:02 - 00000000 ____A C:\Windows\DCEBOOT.LOG

2012-08-01 11:33 - 2012-08-01 06:41 - 00005770 ____A C:\Windows\PFRO.log

2012-08-01 11:20 - 2012-08-01 11:07 - 00000036 ____A C:\Users\Robbie\AppData\Local\housecall.guid.cache

2012-08-01 11:16 - 2012-08-01 11:16 - 00864770 ____A C:\Users\Robbie\AppData\Local\census.cache

2012-08-01 11:15 - 2012-08-01 11:15 - 00130659 ____A C:\Users\Robbie\AppData\Local\ars.cache

2012-08-01 11:05 - 2011-07-08 10:53 - 00021520 ____A C:\Windows\DCEBoot64.exe

2012-08-01 11:02 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-01 10:54 - 2012-08-01 10:54 - 00093184 ____A C:\Users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-01 06:41 - 2012-08-01 06:41 - 00350688 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-01 06:40 - 2012-08-01 06:40 - 00000000 ____A C:\Windows\setuperr.log

2012-08-01 06:27 - 2010-01-10 16:56 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-08-01 05:53 - 2012-08-01 05:51 - 03756544 ____A C:\Users\Robbie\Downloads\Paint.NET.3.5.10.Install.exe

2012-07-31 05:29 - 2012-07-31 05:28 - 00134672 ____A C:\Windows\RegBootClean64.exe

2012-07-27 06:04 - 2012-03-08 23:21 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI

2012-07-25 19:04 - 2012-07-18 06:11 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRobbie.job

2012-07-25 07:31 - 2011-10-26 06:58 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-17 03:54 - 2012-02-27 12:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-17 03:54 - 2011-12-25 06:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 16:17 - 2010-01-09 21:31 - 00009728 ____A C:\Users\Robbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-12 05:41 - 2012-07-12 05:41 - 00656377 ____A C:\Users\Robbie\Downloads\BonPlayer-1.3.0.0-setup.exe

2012-07-09 07:34 - 2012-07-09 07:34 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Robbie\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-07 07:54 - 2012-07-07 07:54 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2012-07-07 07:41 - 2012-07-07 07:56 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys

2012-07-07 07:41 - 2012-07-07 07:56 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-07-07 07:41 - 2012-07-07 07:56 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2012-07-07 07:41 - 2012-07-07 07:56 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2012-07-07 07:41 - 2012-07-07 07:56 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2012-07-07 07:41 - 2012-07-07 07:56 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys

2012-07-03 10:46 - 2012-07-09 07:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-26 13:03 - 2012-07-12 14:49 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2012-06-26 13:02 - 2012-07-12 14:48 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00569344 ____A (© MusicCity) C:\Windows\SysWOW64\muzdecode.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00258048 ____A (© PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00200704 ____A ( © MusicCity) C:\Windows\SysWOW64\muzwmts.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe

2012-06-26 13:02 - 2012-06-26 13:02 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00131072 ____A (© MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00122880 ____A (© MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00110592 ____A (© MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax

2012-06-26 13:02 - 2012-06-26 13:02 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx

2012-06-26 13:02 - 2012-06-26 13:02 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll

2012-06-26 13:02 - 2012-06-26 13:02 - 00030568 ____A () C:\Windows\MusiccityDownload.exe

2012-06-26 13:02 - 2012-06-26 13:02 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe

2012-06-17 05:30 - 2012-06-17 05:31 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-06-17 05:30 - 2012-06-17 05:30 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-06-17 05:30 - 2012-06-17 05:30 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-06-17 05:30 - 2011-12-18 20:54 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll

2012-06-17 05:30 - 2011-02-21 18:11 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-06-15 13:20 - 2010-01-11 11:25 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-14 03:36 - 2012-04-04 18:47 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3378118443-294144380-135819489-1000UA.job

2012-06-14 03:36 - 2012-04-04 18:47 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3378118443-294144380-135819489-1000Core.job

2012-06-14 03:36 - 2010-03-04 21:06 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-14 03:36 - 2010-03-04 21:06 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-08 10:07 - 2012-06-08 10:07 - 00002714 ____A C:\Users\Robbie\AppData\Local\recently-used.xbel

2012-06-03 23:59 - 2012-07-27 15:11 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-06-03 23:59 - 2012-07-27 15:11 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-05-24 20:45 - 2012-05-24 20:45 - 00000000 ____A C:\Windows\SysWOW64\debug.log

2012-05-17 18:47 - 2012-06-15 13:16 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 18:16 - 2012-06-15 13:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 18:06 - 2012-06-15 13:16 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 17:59 - 2012-06-15 13:16 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 17:59 - 2012-06-15 13:16 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 17:58 - 2012-06-15 13:16 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 17:58 - 2012-06-15 13:16 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 17:56 - 2012-06-15 13:16 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 17:55 - 2012-06-15 13:16 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 17:55 - 2012-06-15 13:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 17:54 - 2012-06-15 13:16 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 17:51 - 2012-06-15 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 17:51 - 2012-06-15 13:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 17:47 - 2012-06-15 13:16 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-17 15:11 - 2012-06-15 13:16 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-05-17 14:48 - 2012-06-15 13:16 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-05-17 14:45 - 2012-06-15 13:16 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-05-17 14:36 - 2012-06-15 13:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-05-17 14:35 - 2012-06-15 13:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-05-17 14:35 - 2012-06-15 13:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-17 14:33 - 2012-06-15 13:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-05-17 14:31 - 2012-06-15 13:16 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-17 14:29 - 2012-06-15 13:16 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-05-17 14:29 - 2012-06-15 13:16 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-05-17 14:27 - 2012-06-15 13:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-05-17 14:25 - 2012-06-15 13:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-05-17 14:24 - 2012-06-15 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-05-17 14:20 - 2012-06-15 13:16 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-05-14 19:41 - 2012-05-02 09:07 - 00000478 ____A C:\Windows\shooterw.INI

2012-05-14 17:32 - 2012-06-13 10:06 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-04 03:06 - 2012-06-13 10:07 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 03:00 - 2012-06-18 08:43 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

2012-05-04 02:03 - 2012-06-13 10:07 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-13 10:07 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-04 01:59 - 2012-06-18 08:43 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

ZeroAccess:

C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}

C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L

C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U

ZeroAccess:

C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}

C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L

C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 3836.2 MB

Available physical RAM: 3121.77 MB

Total Pagefile: 3834.34 MB

Available Pagefile: 3112.26 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:450.13 GB) (Free:191.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

5 Drive h: (USB20FD) (Removable) (Total:14.92 GB) (Free:12.75 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 450 GB 200 MB

Partition 3 Primary 15 GB 450 GB

Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 450 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 15 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 5272 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H USB20FD FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 06:43

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-01 20:08:09

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Make sure "word wrap" under Format is unchecked! Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}
C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-01 20:28:49 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20} not found.

==== End of Fixlog ====

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-01 20:57:57 Run:2

Running from H:\

==============================================

C:\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20} moved successfully.

C:\Users\Robbie\AppData\Local\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20} moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 12-07-31.03 - Robbie 08/01/2012 21:37:58.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2649 [GMT -5:00]

Running from: c:\users\Robbie\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\HP

c:\programdata\HP\Digital Imaging\Data\#Hewlett-Packard#HP Photosmart 2570 series#1302043190_WSInfo.ini

c:\programdata\HP\Digital Imaging\Data\Destination\aiopfl.dll

c:\programdata\HP\Digital Imaging\Data\Destination\profile.cue

c:\programdata\HP\Digital Imaging\Data\hpqd_cul_s.dll

c:\programdata\HP\Digital Imaging\Data\Mars.ini

c:\programdata\HP\Digital Imaging\Data\RedBox.ini

c:\programdata\HP\Digital Imaging\Data\StickySettingUtility.xml

c:\programdata\HP\Digital Imaging\Data\WSInfo.ini

c:\programdata\HP\Digital Imaging\hp Photosmart 2570 series\1302043190\Data\1302043190.ini

c:\programdata\HP\Digital Imaging\hp Photosmart 2570 series\1302043190\Data\ScanTo.ini

c:\programdata\HP\HelpViewer\HV_Preferences.ini

c:\programdata\HP\HelpViewer\HVdummy.dll

c:\programdata\HP\HP Photosmart 6510 series\Help\sysparm.xml

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1025\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1028\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1029\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1030\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1031\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1032\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1033\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1034\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1035\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1036\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1037\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1038\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1040\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1041\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1042\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1043\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1044\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1045\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1046\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1049\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1053\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\1055\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\Installer\Help\2052\HP_Setup_Help.chm

c:\programdata\HP\HP Photosmart 6510 series\NetworkDevices\CN1C54328S05QB.ini

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\Calibration\CalibrationManifest.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\DevMgmt\ConsumableConfigCap.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\DevMgmt\DiscoveryTree.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\DevMgmt\InternalPrintCap.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\DevMgmt\ProductConfigCap.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\ePrint\ePrintConfigCap.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\ePrint\ePrintManifest.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\IoMgmt\IoMgmtManifest.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\Scan\ScanCaps.xml

c:\programdata\HP\HP Photosmart 6510 series\XmlFileCache\CN1C54328S05QB\WalkupScanToComp\WalkupScanToCompCaps

c:\programdata\HP\Installer\Temp\hpoAIO_scan.log

c:\programdata\HP\Installer\Temp\hpoBufferChm.log

c:\programdata\HP\Installer\Temp\hpoCopy.log

c:\programdata\HP\Installer\Temp\hpoDestinations_msi.log

c:\programdata\HP\Installer\Temp\hpoDeviceDiscovery.log

c:\programdata\HP\Installer\Temp\hpoDISK1.log

c:\programdata\HP\Installer\Temp\hpoDocProc_msi.log

c:\programdata\HP\Installer\Temp\hpoDTSS.log

c:\programdata\HP\Installer\Temp\hpoFax.log

c:\programdata\HP\Installer\Temp\hpoGPBaseService2.log

c:\programdata\HP\Installer\Temp\hpohpphotosmartdisclabelcontent1.log

c:\programdata\HP\Installer\Temp\hpoHPPhotoSmartEssential.log

c:\programdata\HP\Installer\Temp\hpoHPProductAssistant.log

c:\programdata\HP\Installer\Temp\hpoMarketResearch.log

c:\programdata\HP\Installer\Temp\hpoMSI_CIOUM64.log

c:\programdata\HP\Installer\Temp\hpoNetwork64.log

c:\programdata\HP\Installer\Temp\hpoproducthelp.log

c:\programdata\HP\Installer\Temp\hpoScan.log

c:\programdata\HP\Installer\Temp\hpoSolutionCenter.log

c:\programdata\HP\Installer\Temp\hpostatus.log

c:\programdata\HP\Installer\Temp\hpoToolbox.log

c:\programdata\HP\Installer\Temp\hpoTrayApp.log

c:\programdata\HP\Installer\Temp\hpoUnloadSupport.log

c:\programdata\HP\Installer\Temp\hpoWebReg.log

c:\programdata\HP\Installer\Temp\hpqbhp000.log

c:\programdata\HP\Installer\Temp\hpqbhp001.log

c:\programdata\HP\Installer\Temp\hpqbud16.dat

c:\programdata\HP\Installer\Temp\hpqWebPrinting.log

c:\programdata\HP\Installer\Temp\hpz_UC_{fe9b929e-3baf-40b1-bffc-3a078abaa0c8}_PC_{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}_uninstall.log

c:\programdata\HP\Installer\Temp\hpzarp000.log

c:\programdata\HP\Installer\Temp\hpzarp001.log

c:\programdata\HP\Installer\Temp\hpzarp002.log

c:\programdata\HP\Installer\Temp\hpzarp003.log

c:\programdata\HP\Installer\Temp\hpzarp004.log

c:\programdata\HP\Installer\Temp\hpzarp005.log

c:\programdata\HP\Installer\Temp\hpzarp006.log

c:\programdata\HP\Installer\Temp\hpzcdl000.log

c:\programdata\HP\Installer\Temp\hpzcdl001.log

c:\programdata\HP\Installer\Temp\hpzcdl002.log

c:\programdata\HP\Installer\Temp\hpzchk000.log

c:\programdata\HP\Installer\Temp\hpzchk001.log

c:\programdata\HP\Installer\Temp\hpzchk002.log

c:\programdata\HP\Installer\Temp\hpzdui000.log

c:\programdata\HP\Installer\Temp\hpzfwx000.log

c:\programdata\HP\Installer\Temp\hpzfwx001.log

c:\programdata\HP\Installer\Temp\hpzfwx002.log

c:\programdata\HP\Installer\Temp\hpzmsi000.log

c:\programdata\HP\Installer\Temp\hpzmsi001.log

c:\programdata\HP\Installer\Temp\hpzmsi002.log

c:\programdata\HP\Installer\Temp\hpzmsi003.log

c:\programdata\HP\Installer\Temp\hpzmsi004.log

c:\programdata\HP\Installer\Temp\hpzmsi005.log

c:\programdata\HP\Installer\Temp\hpzmsi006.log

c:\programdata\HP\Installer\Temp\hpzmsi007.log

c:\programdata\HP\Installer\Temp\hpzmsi008.log

c:\programdata\HP\Installer\Temp\hpzmsi009.log

c:\programdata\HP\Installer\Temp\hpzmsi01.exe

c:\programdata\HP\Installer\Temp\hpzmsi010.log

c:\programdata\HP\Installer\Temp\hpzmsi011.log

c:\programdata\HP\Installer\Temp\hpzmsi012.log

c:\programdata\HP\Installer\Temp\hpzmsi013.log

c:\programdata\HP\Installer\Temp\hpzmsi014.log

c:\programdata\HP\Installer\Temp\hpzmsi015.log

c:\programdata\HP\Installer\Temp\hpzmsi016.log

c:\programdata\HP\Installer\Temp\hpzmsi017.log

c:\programdata\HP\Installer\Temp\hpzmsi018.log

c:\programdata\HP\Installer\Temp\hpznop000.log

c:\programdata\HP\Installer\Temp\hpznop001.log

c:\programdata\HP\Installer\Temp\hpznop002.log

c:\programdata\HP\Installer\Temp\HPZNOP003.log

c:\programdata\HP\Installer\Temp\hpznop004.log

c:\programdata\HP\Installer\Temp\hpznop005.log

c:\programdata\HP\Installer\Temp\hpznop006.log

c:\programdata\HP\Installer\Temp\hpznop007.log

c:\programdata\HP\Installer\Temp\hpznop008.log

c:\programdata\HP\Installer\Temp\hpznui000.log

c:\programdata\HP\Installer\Temp\hpzpnp000.log

c:\programdata\HP\Installer\Temp\hpzpnp001.log

c:\programdata\HP\Installer\Temp\hpzpnp002.log

c:\programdata\HP\Installer\Temp\hpzpnp003.log

c:\programdata\HP\Installer\Temp\hpzpnp004.log

c:\programdata\HP\Installer\Temp\hpzprl000.log

c:\programdata\HP\Installer\Temp\hpzprl001.log

c:\programdata\HP\Installer\Temp\hpzprl002.log

c:\programdata\HP\Installer\Temp\hpzprl003.log

c:\programdata\HP\Installer\Temp\hpzprl004.log

c:\programdata\HP\Installer\Temp\hpzprl005.log

c:\programdata\HP\Installer\Temp\hpzprl006.log

c:\programdata\HP\Installer\Temp\hpzprl007.log

c:\programdata\HP\Installer\Temp\hpzprl008.log

c:\programdata\HP\Installer\Temp\hpzprl009.log

c:\programdata\HP\Installer\Temp\hpzprl010.log

c:\programdata\HP\Installer\Temp\hpzprl011.log

c:\programdata\HP\Installer\Temp\hpzprl012.log

c:\programdata\HP\Installer\Temp\hpzprl013.log

c:\programdata\HP\Installer\Temp\hpzpsc000.log

c:\programdata\HP\Installer\Temp\hpzpsc001.log

c:\programdata\HP\Installer\Temp\hpzpsc002.log

c:\programdata\HP\Installer\Temp\hpzpsl000.log

c:\programdata\HP\Installer\Temp\hpzrcn000.log

c:\programdata\HP\Installer\Temp\hpzrcv000.log

c:\programdata\HP\Installer\Temp\hpzrcv001.log

c:\programdata\HP\Installer\Temp\hpzrcv002.log

c:\programdata\HP\Installer\Temp\hpzrcv003.log

c:\programdata\HP\Installer\Temp\hpzrei000.log

c:\programdata\HP\Installer\Temp\HPZREI001.log

c:\programdata\HP\Installer\Temp\hpzscr000.log

c:\programdata\HP\Installer\Temp\hpzscr001.log

c:\programdata\HP\Installer\Temp\hpzscr01.EXE

c:\programdata\HP\Installer\Temp\Hpzset000.log

c:\programdata\HP\Installer\Temp\Hpzset001.log

c:\programdata\HP\Installer\Temp\Hpzset002.log

c:\programdata\HP\Installer\Temp\Hpzset003.log

c:\programdata\HP\Installer\Temp\Hpzset004.log

c:\programdata\HP\Installer\Temp\Hpzset005.log

c:\programdata\HP\Installer\Temp\Hpzset006.log

c:\programdata\HP\Installer\Temp\Hpzset007.log

c:\programdata\HP\Installer\Temp\hpzset008.log

c:\programdata\HP\Installer\Temp\hpzset009.log

c:\programdata\HP\Installer\Temp\hpzset010.log

c:\programdata\HP\Installer\Temp\hpzset011.log

c:\programdata\HP\Installer\Temp\hpzset012.log

c:\programdata\HP\Installer\Temp\hpzset013.log

c:\programdata\HP\Installer\Temp\hpzset014.log

c:\programdata\HP\Installer\Temp\hpzset015.log

c:\programdata\HP\Installer\Temp\hpzset016.log

c:\programdata\HP\Installer\Temp\hpzset017.log

c:\programdata\HP\Installer\Temp\hpzset018.log

c:\programdata\HP\Installer\Temp\hpzset019.log

c:\programdata\HP\Installer\Temp\hpzset020.log

c:\programdata\HP\Installer\Temp\hpzset021.log

c:\programdata\HP\Installer\Temp\hpzset022.log

c:\programdata\HP\Installer\Temp\hpzset023.log

c:\programdata\HP\Installer\Temp\hpzset024.log

c:\programdata\HP\Installer\Temp\hpzshl000.log

c:\programdata\HP\Installer\Temp\hpzshl001.log

c:\programdata\HP\Installer\Temp\hpzshl002.log

c:\programdata\HP\Installer\Temp\hpzshl003.log

c:\programdata\HP\Installer\Temp\hpzshl004.log

c:\programdata\HP\Installer\Temp\hpzshl005.log

c:\programdata\HP\Installer\Temp\hpzshl006.log

c:\programdata\HP\Installer\Temp\hpzshl007.log

c:\programdata\HP\Installer\Temp\hpzshl008.log

c:\programdata\HP\Installer\Temp\hpzshl009.log

c:\programdata\HP\Installer\Temp\hpzshl010.log

c:\programdata\HP\Installer\Temp\hpzshl011.log

c:\programdata\HP\Installer\Temp\hpzshl012.log

c:\programdata\HP\Installer\Temp\hpzshl013.log

c:\programdata\HP\Installer\Temp\hpzshl014.log

c:\programdata\HP\Installer\Temp\hpzshl015.log

c:\programdata\HP\Installer\Temp\hpzshl016.log

c:\programdata\HP\Installer\Temp\hpzstu000.log

c:\programdata\HP\Installer\Temp\hpzstu001.log

c:\programdata\HP\Installer\Temp\hpzwis000.log

c:\programdata\HP\Installer\Temp\hpzwrp000.log

c:\programdata\HP\Installer\Temp\hpzwrp001.log

c:\programdata\HP\Installer\Temp\hpzwrp002.log

c:\programdata\HP\Installer\Temp\hpzwrp003.log

c:\programdata\HP\Installer\Temp\hpzwrp004.log

c:\programdata\HP\Installer\Temp\hpzwrp005.log

c:\programdata\HP\Installer\Temp\hpzwrp006.log

c:\programdata\HP\Installer\Temp\hpzwrp007.log

c:\programdata\HP\Installer\Temp\hpzwup000.log

c:\programdata\HP\Installer\Temp\isdialogbanner.jpg

c:\programdata\HP\Installer\Temp\isdialogbitmap.jpg

c:\programdata\HP\Installer\Temp\setup0000.log

c:\programdata\HP\Installer\Temp\Setup0001.log

c:\programdata\HP\Installer\Temp\setup0002.log

c:\programdata\HP\LGT 2.0\data\hplgtv_ENU.dll

c:\programdata\HP\LGT 2.0\data\hplgtv_links.dll

c:\programdata\HP\LGT 2.0\data\hplgtv_plugin.dll

c:\programdata\HP\LGT 2.0\data\hplgtv_uicfg.dll

c:\programdata\HP\LGT 2.0\data\Hpqfeedback-lgt.cfg

c:\programdata\HP\LGT 2.0\data\hpqprivacy.cfg

c:\programdata\HP\LGT 2.0\data\Languages\en_ww\hplgtv_uienu.dll

c:\programdata\HP\LGT 2.0\data\Languages\en_ww\Troubleshooter.xml

c:\programdata\HP\LGT 2.0\data\Plugins.cfg

c:\programdata\HP\LGT 2.0\data\templates\AdvancedTable.tpl

c:\programdata\HP\LGT 2.0\data\templates\Breadcrumbs.tpl

c:\programdata\HP\LGT 2.0\data\templates\BrowserInterfaceBase.html

c:\programdata\HP\LGT 2.0\data\templates\Buttons.tpl

c:\programdata\HP\LGT 2.0\data\templates\CollectEvidenceState.tpl

c:\programdata\HP\LGT 2.0\data\templates\DoubleDialog.html

c:\programdata\HP\LGT 2.0\data\templates\EvidenceAdvancedTable.tpl

c:\programdata\HP\LGT 2.0\data\templates\ExitDialog.html

c:\programdata\HP\LGT 2.0\data\templates\expandCollapseEx.js

c:\programdata\HP\LGT 2.0\data\templates\FrameBase.html

c:\programdata\HP\LGT 2.0\data\templates\FramedFrameBase.html

c:\programdata\HP\LGT 2.0\data\templates\HelpState.tpl

c:\programdata\HP\LGT 2.0\data\templates\hpDocument.css

c:\programdata\HP\LGT 2.0\data\templates\hplgtv_template.dll

c:\programdata\HP\LGT 2.0\data\templates\HPNoModelState.tpl

c:\programdata\HP\LGT 2.0\data\templates\HPStartState.tpl

c:\programdata\HP\LGT 2.0\data\templates\Images\back_disabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\back_enabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\back_enabled_clicked.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\back_enabled_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\background_bottom_slim.png

c:\programdata\HP\LGT 2.0\data\templates\Images\background_middle.png

c:\programdata\HP\LGT 2.0\data\templates\Images\background_top.png

c:\programdata\HP\LGT 2.0\data\templates\Images\begining-grayed-out.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\begining_disabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\begining_enabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\begining_enabled_clicked.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\begining_enabled_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\blue_arrow.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_clicked_l.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_clicked_m.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_clicked_r.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_enabled_l.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_enabled_m.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_enabled_r.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_l.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_l_grayed.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_l_hot.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_m.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_m_grayed.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_m_hot.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_r.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_r_grayed.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_r_hot.png

c:\programdata\HP\LGT 2.0\data\templates\Images\button_rollover_l.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_rollover_m.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\button_rollover_r.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\check_box.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\check_box_checked.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\check_box_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\checkbox_selected.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\checkbox_unselected.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\close_button.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\close_button.png

c:\programdata\HP\LGT 2.0\data\templates\Images\close_button_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\close_button_rollover.png

c:\programdata\HP\LGT 2.0\data\templates\Images\collapsed.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\default_size_banner.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\expanded.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\forward.png

c:\programdata\HP\LGT 2.0\data\templates\Images\forward_disabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\forward_enabled.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\forward_enabled_clicked.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\forward_enabled_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\hp_Background.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\hp_Background_full.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\hp_logo.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\hp_logo.png

c:\programdata\HP\LGT 2.0\data\templates\Images\hplgtv_timages.dll

c:\programdata\HP\LGT 2.0\data\templates\Images\icon_caution_color.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\icon_warning_color.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\LGT_secondary_dialog_bg.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\magic_wand.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\magic_wand.png

c:\programdata\HP\LGT 2.0\data\templates\Images\magic_wand_black_bg.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\maximize_button.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\maximize_button.png

c:\programdata\HP\LGT 2.0\data\templates\Images\maximize_button_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\maximize_button_rollover.png

c:\programdata\HP\LGT 2.0\data\templates\Images\maximum_size_banner.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\minimize_button.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\minimize_button.png

c:\programdata\HP\LGT 2.0\data\templates\Images\minimize_button_rollover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\minimize_button_rollover.png

c:\programdata\HP\LGT 2.0\data\templates\Images\online_content_small.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\projector_icon.jpg

c:\programdata\HP\LGT 2.0\data\templates\Images\question.bmp

c:\programdata\HP\LGT 2.0\data\templates\Images\RightArrow.jpg

c:\programdata\HP\LGT 2.0\data\templates\Images\secondary_dialog_x.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\secondary_dialog_x_hover.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\small_simple_arrow.png

c:\programdata\HP\LGT 2.0\data\templates\Images\spacer.gif

c:\programdata\HP\LGT 2.0\data\templates\Images\status_green_medium.png

c:\programdata\HP\LGT 2.0\data\templates\Images\status_informational_medium.bmp

c:\programdata\HP\LGT 2.0\data\templates\Images\status_unknown_medium.bmp

c:\programdata\HP\LGT 2.0\data\templates\Images\top_banner_left.png

c:\programdata\HP\LGT 2.0\data\templates\Images\top_banner_middle.png

c:\programdata\HP\LGT 2.0\data\templates\Images\top_banner_right.png

c:\programdata\HP\LGT 2.0\data\templates\Images\top_header_l.png

c:\programdata\HP\LGT 2.0\data\templates\Images\top_header_m.png

c:\programdata\HP\LGT 2.0\data\templates\Images\topbanner_middle.png

c:\programdata\HP\LGT 2.0\data\templates\Images\warning!.png

c:\programdata\HP\LGT 2.0\data\templates\Images\white_arrow.gif

c:\programdata\HP\LGT 2.0\data\templates\InformationAdvancedTable.tpl

c:\programdata\HP\LGT 2.0\data\templates\MoreInfoDialog.html

c:\programdata\HP\LGT 2.0\data\templates\OnlineUpdate.html

c:\programdata\HP\LGT 2.0\data\templates\PerformedSteps.tpl

c:\programdata\HP\LGT 2.0\data\templates\PhoneCodeDialog.html

c:\programdata\HP\LGT 2.0\data\templates\RebootDialog.html

c:\programdata\HP\LGT 2.0\data\templates\SelectTaskState.tpl

c:\programdata\HP\LGT 2.0\data\templates\style.css

c:\programdata\HP\LGT 2.0\data\templates\TroubleshooterState.tpl

c:\programdata\HP\LGT 2.0\data\Troubleshooter.cfg

c:\programdata\HP\LGT\Data\Evidencecollectors\EvidenceCollector.dll

c:\programdata\HP\LGT\Data\Evidencecollectors\EvidenceCollectorDebug.dll

c:\programdata\HP\LGT\Data\Evidencecollectors\GeneralEvidenceCollector.dll

c:\programdata\HP\LGT\Data\Evidencecollectors\ProductEventEvidenceCollector.dll

c:\programdata\HP\LGT\Data\GeneralEvidence.xml

c:\programdata\HP\LGT\Data\hplgtv_encfg.dll

c:\programdata\HP\LGT\Data\hplgtv_ENU.dll

c:\programdata\HP\LGT\Data\hplgtv_root.dll

c:\programdata\HP\LGT\Data\Hpqfeedback-lgt.cfg

c:\programdata\HP\LGT\Data\hpqprivacy.cfg

c:\programdata\HP\LGT\Data\Languages\en_ww\hplgtv_enxml.dll

c:\programdata\HP\LGT\Data\Languages\en_ww\Troubleshooter.xml

c:\programdata\HP\LGT\Data\Models\ADF-Merlion_Categories_1.lng

c:\programdata\HP\LGT\Data\Models\adf.cfg

c:\programdata\HP\LGT\Data\Models\ADF.lng

c:\programdata\HP\LGT\Data\Models\ADF.net

c:\programdata\HP\LGT\Data\Models\adf_products.xml

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor-sl.lng

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor-sl.net

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor-sl_products.xml

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor.cfg

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor.lng

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor.net

c:\programdata\HP\LGT\Data\Models\calibration-spotsensor_products.xml

c:\programdata\HP\LGT\Data\Models\camera-legacy.cfg

c:\programdata\HP\LGT\Data\Models\camera-legacy.lng

c:\programdata\HP\LGT\Data\Models\camera-legacy.net

c:\programdata\HP\LGT\Data\Models\camera-legacy_products.xml

c:\programdata\HP\LGT\Data\Models\carriage-sl.lng

c:\programdata\HP\LGT\Data\Models\carriage-sl.net

c:\programdata\HP\LGT\Data\Models\carriage-sl_products.xml

c:\programdata\HP\LGT\Data\Models\carriage.cfg

c:\programdata\HP\LGT\Data\Models\carriage.lng

c:\programdata\HP\LGT\Data\Models\carriage.net

c:\programdata\HP\LGT\Data\Models\carriage_products.xml

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 1.lng

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 1.net

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 2.lng

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 2.net

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 3.lng

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 3.net

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 4.lng

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC 4.net

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC unknown.lng

c:\programdata\HP\LGT\Data\Models\Event code 1, EEC unknown.net

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 1.lng

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 1.net

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 2.lng

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 2.net

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 3.lng

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 3.net

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 4.lng

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC 4.net

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC unknown.lng

c:\programdata\HP\LGT\Data\Models\Event code 28, EEC unknown.net

c:\programdata\HP\LGT\Data\Models\fax.cfg

c:\programdata\HP\LGT\Data\Models\fax.lng

c:\programdata\HP\LGT\Data\Models\Fax.net

c:\programdata\HP\LGT\Data\Models\fax_products.xml

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 0,5,6,28,29.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 0,5,6,28,29.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 12.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 12.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 13.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 13.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 17,22,27.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 17,22,27.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 18.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 18.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 19,24.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 19,24.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 20.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 20.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 23,26.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 23,26.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 25.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 25.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 27.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 27.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 4.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 4.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 7.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 7.net

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 8,9,10,11,14,15,16.lng

c:\programdata\HP\LGT\Data\Models\Hathi - Event Code 8,9,10,11,14,15,16.net

c:\programdata\HP\LGT\Data\Models\Hathi - No Events.lng

c:\programdata\HP\LGT\Data\Models\Hathi - No Events.net

c:\programdata\HP\LGT\Data\Models\hpqlgt01.dll

c:\programdata\HP\LGT\Data\Models\hpqlgt02.dll

c:\programdata\HP\LGT\Data\Models\hpqlgtmlt.xml

c:\programdata\HP\LGT\Data\Models\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\6000\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\6000\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\6000\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\6000\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\6000\tray_output_extension_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\6000\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\6500\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\6500\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\6500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\6500\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\6500\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\6500\tray_output_ext_pullout.gif

c:\programdata\HP\LGT\Data\Models\Images\6500\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\button_cancel.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\8000\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\tray_output_extension_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\8000\tray2_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\adf_access1.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\adf_access2.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\adf_clean_strip.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\adf_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\adf_load_paper.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\faceplate_06b.jpg

c:\programdata\HP\LGT\Data\Models\Images\8500\faxsetup_dedicated.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\faxsetup_shared_line.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\feeder_jam.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\8500\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\tray_output_extension_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\tray2_load_media.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\tray2_output_extension_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\8500\tray2_pull_out.gif

c:\programdata\HP\LGT\Data\Models\Images\adhoc_connection.jpg

c:\programdata\HP\LGT\Data\Models\Images\automatic_feeder.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_4x6.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_5x7.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_create.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_print.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_save.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_share.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\icon_express_view.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\ld_papr1.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ld_papr2.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ld_papr3.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ld_photo.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\model_version.dll

c:\programdata\HP\LGT\Data\Models\Images\B8500\pbin_flp.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\pbin_up.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\push_tab.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\remove_cap.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\remove_plastic.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\top_dn.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\top_up3.png

c:\programdata\HP\LGT\Data\Models\Images\B8500\ty_extended_output_tray.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ty_load_main_tray_small.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ty_load_paper_3_small.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8500\ty_remove_out_tray_a.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\B8800\model_version.dll

c:\programdata\HP\LGT\Data\Models\Images\B8800\resume.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\shakeIC.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_extended_output_tray.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_install_ink_BW.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_load_13x19_3.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_load_13x19_nobubble.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_load_main_tray_small.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_load_paper_3_small.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_open_ink_door.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_open_special_tray_1.jpg

c:\programdata\HP\LGT\Data\Models\Images\B8800\ty_remove_out_tray_a.jpg

c:\programdata\HP\LGT\Data\Models\Images\back_cvr.jpg

c:\programdata\HP\LGT\Data\Models\Images\c00579874.jpg

c:\programdata\HP\LGT\Data\Models\Images\c00725058.gif

c:\programdata\HP\LGT\Data\Models\Images\c00845897.gif

c:\programdata\HP\LGT\Data\Models\Images\C309\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\C309\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C309\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C309\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C309\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C309\ld_photo_in_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C309\ld_photo_paper_guide.png

c:\programdata\HP\LGT\Data\Models\Images\C309\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C309\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C309\setup_icon.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\copy4x6.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C4340\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_photo_in_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_photo_in_tray2.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_photo_paper_guide.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C4340\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\copy4x6.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C4400\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_photo_in_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_photo_in_tray2.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_photo_paper_guide.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\C4400\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\copy4x6.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C4500\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_photo_in_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_photo_in_tray2.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_photo_paper_guide.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\C4500\wireless_radio.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C4600\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\ld_photo_in_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C4600\ld_photo_paper_guide.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\CGDPhotoMode.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C5300\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_papr1.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_photo.jpg

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_photo1.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_photo2.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_photo3.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\pbin_flp.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\photo_tray_down.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\photo_tray_up.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\push_tab.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\remove_cap.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\remove_plastic.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\setup_icon.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\top_dn.png

c:\programdata\HP\LGT\Data\Models\Images\C5300\top_up3.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\CGDPhotoMode.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C5500\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_papr1.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_photo.jpg

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_photo1.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_photo2.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_photo3.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\pbin_flp.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\photo_tray_down.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\photo_tray_up.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C5500\setup_icon.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\CGDPhotoMode.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\C6300\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_papr1.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_photo.jpg

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_photo1.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_photo2.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_photo3.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\ld_scan_photo.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\pbin_flp.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\photo_tray_down.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\photo_tray_up.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\push_tab.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\remove_cap.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\remove_plastic.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\setup_icon.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\top_dn.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\top_up3.png

c:\programdata\HP\LGT\Data\Models\Images\C6300\wireless_radio.png

c:\programdata\HP\LGT\Data\Models\Images\check_eletrical_connection.jpg

c:\programdata\HP\LGT\Data\Models\Images\check_paper_in_tray1.jpg

c:\programdata\HP\LGT\Data\Models\Images\check_paper_in_tray2.jpg

c:\programdata\HP\LGT\Data\Models\Images\clear_paper_from_rear_access_door.jpg

c:\programdata\HP\LGT\Data\Models\Images\connect_network.jpg

c:\programdata\HP\LGT\Data\Models\Images\connect_usb.jpg

c:\programdata\HP\LGT\Data\Models\Images\connect_wired1.jpg

c:\programdata\HP\LGT\Data\Models\Images\connect_wired2.jpg

c:\programdata\HP\LGT\Data\Models\Images\connect_wired3.jpg

c:\programdata\HP\LGT\Data\Models\Images\D1500\cartridge_contacts_nozzles.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\cartridge_insert.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\cartridge_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\cartridge_remove_tape.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D1500\load_paper.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\load_small_media.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\D1500\rear_door_replace.gif

c:\programdata\HP\LGT\Data\Models\Images\D2500\cartridge_contacts_nozzles.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\cartridge_insert.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\cartridge_remove.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\cartridge_remove_tape.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D2500\load_paper.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\load_small_media.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\rear_door_remove.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2500\rear_door_replace.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2600\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D2600\load_paper.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2600\rear_door_remove.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2600\rear_door_replace.jpg

c:\programdata\HP\LGT\Data\Models\Images\D2600\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\D4300\cartridge_insert.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\cartridge_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\cartridge_remove_tape.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D4300\load_paper.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\load_paper_2.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\load_small_media_1.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\rear_door_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\D4300\rear_door_replace.gif

c:\programdata\HP\LGT\Data\Models\Images\D5400\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\CGDPhotoMode.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D5400\icon_express_4x6.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\icon_express_5x7.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_papr1.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_photo1.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_photo2.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\ld_photo3.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\pbin_flp.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\photo_tray_down.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\photo_tray_up.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\push_tab.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\remove_cap.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\remove_plastic.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\top_dn.png

c:\programdata\HP\LGT\Data\Models\Images\D5400\top_up3.png

c:\programdata\HP\LGT\Data\Models\Images\D730\cartridge_contacts_nozzles.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\cartridge_insert.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\cartridge_remove.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\cartridge_remove_tape.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D730\load_paper.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\load_small_media.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\rear_door_remove.jpg

c:\programdata\HP\LGT\Data\Models\Images\D730\rear_door_replace.jpg

c:\programdata\HP\LGT\Data\Models\Images\D7500\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\D7500\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_papr1.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_photo1.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_photo2.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\ld_photo3.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\pbin_flp.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\photo_tray_down.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\photo_tray_up.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\push_tab.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\remove_cap.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\remove_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\remove_plastic.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\replace_out_tray.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\setup_icon.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\top_dn.png

c:\programdata\HP\LGT\Data\Models\Images\D7500\top_up3.png

c:\programdata\HP\LGT\Data\Models\Images\device_manager_unknown_device.jpg

c:\programdata\HP\LGT\Data\Models\Images\DiagCheck_RightDriver.jpg

c:\programdata\HP\LGT\Data\Models\Images\F2200\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\F2200\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\ld_photo.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\ld_scan.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\photo_tab.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\F2200\tray_flp.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\4x6_align_proper_borderless.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\back_cvr_Close.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\copy4x6.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\fjam_door_close.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\fjam_door_open.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\F4200\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\ld_photo.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\ld_scan.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\F4200\tray_flp.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\F4400\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\ld_photo.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\F4400\tray_flp.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\back_cvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\F44000\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\ld_photo.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\F44000\tray_flp.png

c:\programdata\HP\LGT\Data\Models\Images\F735\4x6_align_proper_borderless.png

c:\programdata\HP\LGT\Data\Models\Images\F735\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\F735\back_cvr_Close.png

c:\programdata\HP\LGT\Data\Models\Images\F735\copy4x6.png

c:\programdata\HP\LGT\Data\Models\Images\F735\fcvr_ajr.png

c:\programdata\HP\LGT\Data\Models\Images\F735\fcvr_close.png

c:\programdata\HP\LGT\Data\Models\Images\F735\fjam_door_close.png

c:\programdata\HP\LGT\Data\Models\Images\F735\fjam_door_open.png

c:\programdata\HP\LGT\Data\Models\Images\F735\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\F735\ink_blk1.png

c:\programdata\HP\LGT\Data\Models\Images\F735\inkcart4.png

c:\programdata\HP\LGT\Data\Models\Images\F735\ld_papr2.png

c:\programdata\HP\LGT\Data\Models\Images\F735\ld_papr3.png

c:\programdata\HP\LGT\Data\Models\Images\F735\ld_papr4.png

c:\programdata\HP\LGT\Data\Models\Images\F735\ld_photo.png

c:\programdata\HP\LGT\Data\Models\Images\F735\ld_scan.png

c:\programdata\HP\LGT\Data\Models\Images\F735\notouch.png

c:\programdata\HP\LGT\Data\Models\Images\F735\release_pcart.png

c:\programdata\HP\LGT\Data\Models\Images\F735\selftest_report.png

c:\programdata\HP\LGT\Data\Models\Images\F735\tray_flp.png

c:\programdata\HP\LGT\Data\Models\Images\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\feeder_jam_core.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\adf_access1.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\adf_access2.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\adf_clean_strip.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\adf_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\adf_load_paper.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\arrowD.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\arrowL.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\arrowR.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\arrowU.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\back_button.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\back_cvr.png

c:\programdata\HP\LGT\Data\Models\Images\generic\back_unselected.png

c:\programdata\HP\LGT\Data\Models\Images\generic\beginning_unselected.png

c:\programdata\HP\LGT\Data\Models\Images\generic\bguide_icon.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\cart-door_medley.png

c:\programdata\HP\LGT\Data\Models\Images\generic\cart-door_medley_final.png

c:\programdata\HP\LGT\Data\Models\Images\generic\device_help_icon.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\faceplate_06b.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\faxsetup_dedicated.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\faxsetup_shared_line.gif

c:\programdata\HP\LGT\Data\Models\Images\generic\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\generic_trays.png

c:\programdata\HP\LGT\Data\Models\Images\generic\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\generic\icon_tasktray.png

c:\programdata\HP\LGT\Data\Models\Images\generic\online_help_icon.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\print_borderless.png

c:\programdata\HP\LGT\Data\Models\Images\generic\pwr_cord-gen.png

c:\programdata\HP\LGT\Data\Models\Images\generic\settings_button.png

c:\programdata\HP\LGT\Data\Models\Images\generic\setup_poster_icon.jpg

c:\programdata\HP\LGT\Data\Models\Images\generic\usb_ethernet_comparison.png

c:\programdata\HP\LGT\Data\Models\Images\generic\usb_pc.png

c:\programdata\HP\LGT\Data\Models\Images\generic\vista.png

c:\programdata\HP\LGT\Data\Models\Images\generic\wireless_radio.png

c:\programdata\HP\LGT\Data\Models\Images\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\identifying_serial.jpg

c:\programdata\HP\LGT\Data\Models\Images\ink_blk1.jpg

c:\programdata\HP\LGT\Data\Models\Images\ink_blk2.jpg

c:\programdata\HP\LGT\Data\Models\Images\ink_blk3.jpg

c:\programdata\HP\LGT\Data\Models\Images\J4500\adf_jam_lift_cover.gif

c:\programdata\HP\LGT\Data\Models\Images\J4500\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\J4500\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\J4500\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\J4500\jam_rear_door.gif

c:\programdata\HP\LGT\Data\Models\Images\J4500\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\J4500\tray_output_ext_pullout.gif

c:\programdata\HP\LGT\Data\Models\Images\J4500\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\adf_jam_lift_cover.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\J4660\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\J4660\jam_rear_door.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\tray_output_ext_pullout.gif

c:\programdata\HP\LGT\Data\Models\Images\J4660\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\adf_jam_lift_cover.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\J4680\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\J4680\jam_rear_door.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\tray_output_ext_pullout.gif

c:\programdata\HP\LGT\Data\Models\Images\J4680\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\adf_jam_lift_cover.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\duplex_remove.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\feeder_jam.jpg

c:\programdata\HP\LGT\Data\Models\Images\J6400\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\Images\J6400\jam_rear_door.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\load_tray_media.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\tray_output_ext_pullout.gif

c:\programdata\HP\LGT\Data\Models\Images\J6400\tray_output_lift.gif

c:\programdata\HP\LGT\Data\Models\Images\ld_papr2.jpg

c:\programdata\HP\LGT\Data\Models\Images\ld_papr3.jpg

c:\programdata\HP\LGT\Data\Models\Images\lift_auto_doc_feeder1.jpg

c:\programdata\HP\LGT\Data\Models\Images\lift_auto_doc_feeder2.jpg

c:\programdata\HP\LGT\Data\Models\Images\lift_latch.jpg

c:\programdata\HP\LGT\Data\Models\Images\load_photopaper1.jpg

c:\programdata\HP\LGT\Data\Models\Images\load_photopaper2.jpg

c:\programdata\HP\LGT\Data\Models\Images\load_photopaper3.jpg

c:\programdata\HP\LGT\Data\Models\Images\model_version.dll

c:\programdata\HP\LGT\Data\Models\Images\open_top_access_door.gif

c:\programdata\HP\LGT\Data\Models\Images\original_on_glass.jpg

c:\programdata\HP\LGT\Data\Models\Images\paper_jammed_left1.gif

c:\programdata\HP\LGT\Data\Models\Images\paper_jammed_left2.gif

c:\programdata\HP\LGT\Data\Models\Images\paper_jammed_right1.gif

c:\programdata\HP\LGT\Data\Models\Images\paper_jammed_right2.gif

c:\programdata\HP\LGT\Data\Models\Images\pwr_cord.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink1.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink2.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink3.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink4.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink5.jpg

c:\programdata\HP\LGT\Data\Models\Images\replace_ink6.jpg

c:\programdata\HP\LGT\Data\Models\Images\top_dn.jpg

c:\programdata\HP\LGT\Data\Models\Images\top_up3.jpg

c:\programdata\HP\LGT\Data\Models\Images\usb_hub.jpg

c:\programdata\HP\LGT\Data\Models\Images\usb_pc.jpg

c:\programdata\HP\LGT\Data\Models\Images\usbhub.gif

c:\programdata\HP\LGT\Data\Models\Images\wired_connection.jpg

c:\programdata\HP\LGT\Data\Models\Images\wireless_connection.jpg

c:\programdata\HP\LGT\Data\Models\languagemismatch.cfg

c:\programdata\HP\LGT\Data\Models\languagemismatch.lng

c:\programdata\HP\LGT\Data\Models\languagemismatch.net

c:\programdata\HP\LGT\Data\Models\languagemismatch_products.xml

c:\programdata\HP\LGT\Data\Models\MediaMismatch-Merlion.lng

c:\programdata\HP\LGT\Data\Models\model_code.xml

c:\programdata\HP\LGT\Data\Models\Movies\C6100_load_letter.swf

c:\programdata\HP\LGT\Data\Models\Movies\hpqlgtmsm.dll

c:\programdata\HP\LGT\Data\Models\networking.cfg

c:\programdata\HP\LGT\Data\Models\networking.lng

c:\programdata\HP\LGT\Data\Models\networking.net

c:\programdata\HP\LGT\Data\Models\networking_products.xml

c:\programdata\HP\LGT\Data\Models\nopick-sl.lng

c:\programdata\HP\LGT\Data\Models\nopick-sl.net

c:\programdata\HP\LGT\Data\Models\nopick-sl_products.xml

c:\programdata\HP\LGT\Data\Models\nopick.cfg

c:\programdata\HP\LGT\Data\Models\nopick.lng

c:\programdata\HP\LGT\Data\Models\nopick.net

c:\programdata\HP\LGT\Data\Models\nopick_products.xml

c:\programdata\HP\LGT\Data\Models\paperjam-sl.lng

c:\programdata\HP\LGT\Data\Models\paperjam-sl.net

c:\programdata\HP\LGT\Data\Models\paperjam-sl_products.xml

c:\programdata\HP\LGT\Data\Models\paperjam.cfg

c:\programdata\HP\LGT\Data\Models\paperjam.lng

c:\programdata\HP\LGT\Data\Models\paperjam.net

c:\programdata\HP\LGT\Data\Models\paperjam_products.xml

c:\programdata\HP\LGT\Data\Models\papermismatch.cfg

c:\programdata\HP\LGT\Data\Models\papermismatch.lng

c:\programdata\HP\LGT\Data\Models\papermismatch.net

c:\programdata\HP\LGT\Data\Models\papermismatch_products.xml

c:\programdata\HP\LGT\Data\Models\printcartridge-electricalTIJ2.cfg

c:\programdata\HP\LGT\Data\Models\printcartridge-electricalTIJ2.lng

c:\programdata\HP\LGT\Data\Models\printcartridge-electricalTIJ2.net

c:\programdata\HP\LGT\Data\Models\printcartridge-electricalTIJ2_products.xml

c:\programdata\HP\LGT\Data\Models\printcartridge-misinstallTIJ2.cfg

c:\programdata\HP\LGT\Data\Models\printcartridge-misinstallTIJ2.lng

c:\programdata\HP\LGT\Data\Models\printcartridge-misinstallTIJ2.net

c:\programdata\HP\LGT\Data\Models\printcartridge-misinstallTIJ2_products.xml

c:\programdata\HP\LGT\Data\Models\printcartridge-pentypeTIJ2.cfg

c:\programdata\HP\LGT\Data\Models\printcartridge-pentypeTIJ2.lng

c:\programdata\HP\LGT\Data\Models\printcartridge-pentypeTIJ2.net

c:\programdata\HP\LGT\Data\Models\printcartridge-pentypeTIJ2_products.xml

c:\programdata\HP\LGT\Data\Models\printheadalign-sl.lng

c:\programdata\HP\LGT\Data\Models\printheadalign-sl.net

c:\programdata\HP\LGT\Data\Models\printheadalign-sl_products.xml

c:\programdata\HP\LGT\Data\Models\printheadalign.cfg

c:\programdata\HP\LGT\Data\Models\printheadalign.lng

c:\programdata\HP\LGT\Data\Models\printheadalign.net

c:\programdata\HP\LGT\Data\Models\printheadalign_products.xml

c:\programdata\HP\LGT\Data\Models\printheadfailure.cfg

c:\programdata\HP\LGT\Data\Models\printheadfailure.lng

c:\programdata\HP\LGT\Data\Models\printheadfailure.net

c:\programdata\HP\LGT\Data\Models\printheadfailure_products.xml

c:\programdata\HP\LGT\Data\Models\ProductEventTest.net

c:\programdata\HP\LGT\Data\Models\scanner-1-legacy.cfg

c:\programdata\HP\LGT\Data\Models\scanner-1-legacy.lng

c:\programdata\HP\LGT\Data\Models\scanner-1-legacy.net

c:\programdata\HP\LGT\Data\Models\scanner-1-legacy_products.xml

c:\programdata\HP\LGT\Data\Models\scanner.cfg

c:\programdata\HP\LGT\Data\Models\scanner.lng

c:\programdata\HP\LGT\Data\Models\scanner.net

c:\programdata\HP\LGT\Data\Models\scanner_eecs.xml

c:\programdata\HP\LGT\Data\Models\scanner_events.xml

c:\programdata\HP\LGT\Data\Models\scanner_products.xml

c:\programdata\HP\LGT\Data\Models\scannercommunication-legacy.cfg

c:\programdata\HP\LGT\Data\Models\scannercommunication-legacy.lng

c:\programdata\HP\LGT\Data\Models\scannercommunication-legacy.net

c:\programdata\HP\LGT\Data\Models\scannercommunication-legacy_products.xml

c:\programdata\HP\LGT\Data\Models\Spot sensor calibration error.net

c:\programdata\HP\LGT\Data\Models\stallpm.cfg

c:\programdata\HP\LGT\Data\Models\stallpm.lng

c:\programdata\HP\LGT\Data\Models\stallpm.net

c:\programdata\HP\LGT\Data\Models\stallss.cfg

c:\programdata\HP\LGT\Data\Models\stallss.lng

c:\programdata\HP\LGT\Data\Models\stallss.net

c:\programdata\HP\LGT\Data\Models\unabletoprint.cfg

c:\programdata\HP\LGT\Data\Models\unabletoprint.lng

c:\programdata\HP\LGT\Data\Models\unabletoprint.net

c:\programdata\HP\LGT\Data\Models\unabletoprint_products.xml

c:\programdata\HP\LGT\Data\Models\usb.cfg

c:\programdata\HP\LGT\Data\Models\usb.lng

c:\programdata\HP\LGT\Data\Models\usb.net

c:\programdata\HP\LGT\Data\Plugins.cfg

c:\programdata\HP\LGT\Data\Templates\AdvancedTable.tpl

c:\programdata\HP\LGT\Data\Templates\Breadcrumbs.tpl

c:\programdata\HP\LGT\Data\Templates\BrowserInterfaceBase.html

c:\programdata\HP\LGT\Data\Templates\Buttons.tpl

c:\programdata\HP\LGT\Data\Templates\CollectEvidenceState.tpl

c:\programdata\HP\LGT\Data\Templates\EvidenceAdvancedTable.tpl

c:\programdata\HP\LGT\Data\Templates\expandCollapseEx.js

c:\programdata\HP\LGT\Data\Templates\FrameBase.html

c:\programdata\HP\LGT\Data\Templates\FramedFrameBase.html

c:\programdata\HP\LGT\Data\Templates\HelpState.tpl

c:\programdata\HP\LGT\Data\Templates\hpDocument.css

c:\programdata\HP\LGT\Data\Templates\hplgtv_template.dll

c:\programdata\HP\LGT\Data\Templates\HPNoModelState.tpl

c:\programdata\HP\LGT\Data\Templates\HPStartState.tpl

c:\programdata\HP\LGT\Data\Templates\Images\back_button.gif

c:\programdata\HP\LGT\Data\Templates\Images\back_button.png

c:\programdata\HP\LGT\Data\Templates\Images\back_button_grayed_out.gif

c:\programdata\HP\LGT\Data\Templates\Images\back_button_grayed_out.png

c:\programdata\HP\LGT\Data\Templates\Images\back_button_hot.gif

c:\programdata\HP\LGT\Data\Templates\Images\back_button_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\background_bottom_slim.png

c:\programdata\HP\LGT\Data\Templates\Images\background_middle.png

c:\programdata\HP\LGT\Data\Templates\Images\background_top.png

c:\programdata\HP\LGT\Data\Templates\Images\begining-grayed-out.gif

c:\programdata\HP\LGT\Data\Templates\Images\bullets\arrow_in_box.png

c:\programdata\HP\LGT\Data\Templates\Images\bullets\bullet.png

c:\programdata\HP\LGT\Data\Templates\Images\bullets\diamon_blue.png

c:\programdata\HP\LGT\Data\Templates\Images\bullets\hplgtv_bullets.dll

c:\programdata\HP\LGT\Data\Templates\Images\bullets\round_cyan.png

c:\programdata\HP\LGT\Data\Templates\Images\bullets\small_simple_arrow.png

c:\programdata\HP\LGT\Data\Templates\Images\button_l.png

c:\programdata\HP\LGT\Data\Templates\Images\button_l_grayed.png

c:\programdata\HP\LGT\Data\Templates\Images\button_l_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\button_m.png

c:\programdata\HP\LGT\Data\Templates\Images\button_m_grayed.png

c:\programdata\HP\LGT\Data\Templates\Images\button_m_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\button_r.png

c:\programdata\HP\LGT\Data\Templates\Images\button_r_grayed.png

c:\programdata\HP\LGT\Data\Templates\Images\button_r_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\collapsed.gif

c:\programdata\HP\LGT\Data\Templates\Images\expanded.gif

c:\programdata\HP\LGT\Data\Templates\Images\forward.png

c:\programdata\HP\LGT\Data\Templates\Images\forward_button.gif

c:\programdata\HP\LGT\Data\Templates\Images\forward_button.png

c:\programdata\HP\LGT\Data\Templates\Images\forward_button_grayed_out.gif

c:\programdata\HP\LGT\Data\Templates\Images\forward_button_grayed_out.png

c:\programdata\HP\LGT\Data\Templates\Images\forward_button_hot.gif

c:\programdata\HP\LGT\Data\Templates\Images\forward_button_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\hplgtv_oc_img.dll

c:\programdata\HP\LGT\Data\Templates\Images\hplgtv_timages.dll

c:\programdata\HP\LGT\Data\Templates\Images\icon_caution_color.gif

c:\programdata\HP\LGT\Data\Templates\Images\icon_warning_color.gif

c:\programdata\HP\LGT\Data\Templates\Images\online_content_small.gif

c:\programdata\HP\LGT\Data\Templates\Images\projector_icon.jpg

c:\programdata\HP\LGT\Data\Templates\Images\question.bmp

c:\programdata\HP\LGT\Data\Templates\Images\restart_button.gif

c:\programdata\HP\LGT\Data\Templates\Images\restart_button.png

c:\programdata\HP\LGT\Data\Templates\Images\restart_button_hot.gif

c:\programdata\HP\LGT\Data\Templates\Images\restart_button_hot.png

c:\programdata\HP\LGT\Data\Templates\Images\RightArrow.jpg

c:\programdata\HP\LGT\Data\Templates\Images\status_green_medium.png

c:\programdata\HP\LGT\Data\Templates\Images\status_informational_medium.bmp

c:\programdata\HP\LGT\Data\Templates\Images\status_unknown_medium.bmp

c:\programdata\HP\LGT\Data\Templates\Images\top_banner_left.png

c:\programdata\HP\LGT\Data\Templates\Images\top_banner_middle.png

c:\programdata\HP\LGT\Data\Templates\Images\top_banner_right.png

c:\programdata\HP\LGT\Data\Templates\Images\top_header_l.png

c:\programdata\HP\LGT\Data\Templates\Images\top_header_m.png

c:\programdata\HP\LGT\Data\Templates\Images\topbanner_middle.png

c:\programdata\HP\LGT\Data\Templates\Images\warning!.png

c:\programdata\HP\LGT\Data\Templates\InformationAdvancedTable.tpl

c:\programdata\HP\LGT\Data\Templates\PerformedSteps.tpl

c:\programdata\HP\LGT\Data\Templates\SelectTaskState.tpl

c:\programdata\HP\LGT\Data\Templates\style.css

c:\programdata\HP\LGT\Data\Templates\TroubleshooterState.tpl

c:\programdata\HP\LGT\Data\Troubleshooter.cfg

c:\programdata\HP\Mars\usg.ini

c:\programdata\HP\ProductAssistant\data\EventStore.xml

c:\programdata\HP\RB\GPdummy.dll

c:\programdata\HP\RB\hpqrbevt.xml

c:\programdata\HP\SolCtr\Hpqfeedback-sc.cfg

c:\programdata\HP\SolCtr\InkData.xml

c:\programdata\HP\SolCtr\scdatafiles.dll

c:\programdata\xml8E51.tmp

c:\programdata\xml9600.tmp

c:\programdata\xml97F4.tmp

c:\users\Robbie\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll

c:\users\Robbie\AppData\Local\TempDIR

c:\users\Robbie\AppData\Roaming\Adobe\AdobeUpdate .exe

c:\users\Robbie\AppData\Roaming\Adobe\plugs

c:\users\Robbie\AppData\Roaming\HP

c:\users\Robbie\AppData\Roaming\HP\Digital Imaging\Data\Destination\profile.cue

c:\users\Robbie\AppData\Roaming\HP\ScLogs\SolutionCenter.htm

c:\users\Robbie\AppData\Roaming\HP\WebRegLogs\WebRegLog.txt

c:\windows\SysWow64\DEBUG.log

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\rnaph.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 04:05 . 2012-08-02 04:05 -------- d-----w- C:\FRST

2012-08-02 02:47 . 2012-08-02 02:47 -------- d-----w- c:\programdata\HP

2012-08-02 02:45 . 2012-08-02 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-01 13:54 . 2012-08-01 13:55 -------- d-----w- c:\program files\Paint.NET

2012-08-01 13:54 . 2012-08-01 13:57 -------- d-----w- c:\users\Robbie\AppData\Local\Paint.NET

2012-07-31 13:28 . 2012-07-31 13:29 134672 ----a-w- c:\windows\RegBootClean64.exe

2012-07-31 13:28 . 2012-07-31 13:28 -------- d-----w- c:\programdata\Local Settings

2012-07-27 23:11 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-07-27 23:11 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-20 21:21 . 2012-07-22 19:51 -------- d-----w- c:\users\Robbie\Calibre Library

2012-07-20 21:21 . 2012-07-20 21:30 -------- d-----w- c:\users\Robbie\AppData\Roaming\calibre

2012-07-20 21:10 . 2012-07-20 21:10 -------- d-----w- c:\program files (x86)\Calibre2

2012-07-20 20:47 . 2012-07-25 00:24 -------- d-----w- c:\users\Robbie\Books

2012-07-13 00:18 . 2012-07-13 00:18 -------- d-----w- c:\program files (x86)\MyFree Codec

2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- c:\users\Robbie\AppData\Local\Samsung

2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- c:\users\Robbie\AppData\Roaming\Samsung

2012-07-12 22:49 . 2012-06-26 21:03 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-07-12 22:48 . 2012-07-12 22:48 -------- d-----w- c:\program files (x86)\MarkAny

2012-07-12 22:48 . 2012-06-26 21:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-07-12 22:48 . 2012-07-12 22:50 -------- d-----w- c:\program files (x86)\Samsung

2012-07-12 22:48 . 2012-07-12 22:49 -------- d-----w- c:\programdata\Samsung

2012-07-09 15:35 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-07 15:54 . 2012-07-07 15:54 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-07-07 15:41 . 2012-08-02 02:27 -------- d-----w- c:\program files (x86)\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-01 19:05 . 2011-07-08 18:53 21520 ----a-w- c:\windows\DCEBoot64.exe

2012-07-17 11:54 . 2012-02-27 20:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-17 11:54 . 2011-12-25 14:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-26 21:02 . 2012-06-26 21:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-06-26 21:02 . 2012-06-26 21:02 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 21:02 . 2012-06-26 21:02 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-06-26 21:02 . 2012-06-26 21:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-06-26 21:02 . 2012-06-26 21:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-06-26 21:02 . 2012-06-26 21:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-06-26 21:02 . 2012-06-26 21:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-06-26 21:02 . 2012-06-26 21:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-06-26 21:02 . 2012-06-26 21:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-06-26 21:02 . 2012-06-26 21:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-06-26 21:02 . 2012-06-26 21:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-06-26 21:02 . 2012-06-26 21:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-06-26 21:02 . 2012-06-26 21:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-06-26 21:02 . 2012-06-26 21:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-06-26 21:02 . 2012-06-26 21:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-06-26 21:02 . 2012-06-26 21:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-06-26 21:02 . 2012-06-26 21:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-06-26 21:02 . 2012-06-26 21:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-06-26 21:02 . 2012-06-26 21:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-06-26 21:02 . 2012-06-26 21:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-06-26 21:02 . 2012-06-26 21:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-06-26 21:02 . 2012-06-26 21:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-06-26 21:02 . 2012-06-26 21:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-06-26 21:02 . 2012-06-26 21:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-06-26 21:02 . 2012-06-26 21:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-06-17 13:30 . 2012-06-17 13:31 268720 ----a-w- c:\windows\system32\javaws.exe

2012-06-17 13:30 . 2012-06-17 13:30 189360 ----a-w- c:\windows\system32\javaw.exe

2012-06-17 13:30 . 2012-06-17 13:30 188840 ----a-w- c:\windows\system32\java.exe

2012-06-17 13:30 . 2011-12-19 04:54 955840 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-17 13:30 . 2011-02-22 02:11 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-15 21:20 . 2010-01-11 19:25 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-05-18 02:47 . 2012-06-15 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-05-18 02:16 . 2012-06-15 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-05-18 02:06 . 2012-06-15 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-05-18 01:59 . 2012-06-15 21:16 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-05-18 01:59 . 2012-06-15 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-05-18 01:58 . 2012-06-15 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-18 01:58 . 2012-06-15 21:16 237056 ----a-w- c:\windows\system32\url.dll

2012-05-18 01:56 . 2012-06-15 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-18 01:55 . 2012-06-15 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-18 01:55 . 2012-06-15 21:16 818688 ----a-w- c:\windows\system32\jscript.dll

2012-05-18 01:54 . 2012-06-15 21:16 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-05-18 01:51 . 2012-06-15 21:16 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-05-18 01:51 . 2012-06-15 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-18 01:47 . 2012-06-15 21:16 248320 ----a-w- c:\windows\system32\ieui.dll

2012-05-17 22:45 . 2012-06-15 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-05-17 22:35 . 2012-06-15 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-17 22:35 . 2012-06-15 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29 . 2012-06-15 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24 . 2012-06-15 21:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32 . 2012-06-13 18:06 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-05-04 11:06 . 2012-06-13 18:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 11:00 . 2012-06-18 16:43 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-05-04 10:03 . 2012-06-13 18:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 18:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-04 09:59 . 2012-06-18 16:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R3 ATICDSDr;ATICDSDr;c:\users\Robbie\AppData\Local\Temp\ATICDSDr.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 250056]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-26 573224]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/20 10:19];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-09 22:38 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 20:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-27 11:54]

.

2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3378118443-294144380-135819489-1000Core.job

- c:\users\Robbie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 02:47]

.

2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3378118443-294144380-135819489-1000UA.job

- c:\users\Robbie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 02:47]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 05:06]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 05:06]

.

2012-07-26 c:\windows\Tasks\HPCeeScheduleForRobbie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.mwt.net

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.11.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Explorer_Run-33924 - c:\progra~3\LOCALS~1\Temp\msyaqwnev.exe

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\05\04\03\00\09\05?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

.

**************************************************************************

.

Completion time: 2012-08-01 21:51:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-02 02:51

.

Pre-Run: 204,945,678,336 bytes free

Post-Run: 204,555,198,464 bytes free

.

- - End Of File - - D0EDC790FF904FA5BE1EBE7FDFD1464D

Link to post
Share on other sites

Yes, it's my printer... I shouldn't have a problem reinstalling it when this is done :)

It was probably deleted because it's in a place where it shouldn't be.

Should be in the programs folder.

Are you sure you can reinstall all of that?

-------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now,

---------------------------------------------

I'm gone for tonight, be back tomorrow , MrC

Link to post
Share on other sites

Same thing as before, it shows up and when I remove it and restart, it's still there when I scan it again.

Thanks for the help so far, have a good nite

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Robbie :: HP [administrator]

8/1/2012 10:32:29 PM

mbam-log-2012-08-01 (22-39-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 206161

Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|33924 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Registry Entries: 9 ¤¤¤

[sUSP PATH] HKLM\[...]\Policies\Explorer\Run : 33924 (C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe) -> FOUND

[sUSP PATH] HKLM\[...]\Wow6432Node\Policies\Explorer\Run : 33924 (C:\PROGRA~3\LOCALS~1\Temp\msyaqwnev.exe) -> FOUND

Now click Delete on the right hand column under Options

------------------------------

Then.........

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

Let me know, MrC

Link to post
Share on other sites

Yes that usually fixes it, I've ran in to this before.

------------------------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.