I have had the redirect virus, and AVG was saying winlogon.exe and explorer.exe were infected. It also said "virus found win32/patched". I'm sorry, but I did run ComboFix (I had not yet read the "Before you post" forum). That means I had to remove AVG. ComboFix also detected winlogon and explorer as infected. I can post my ComboFix log or do a new one if you'd like. I actually have tried quite a bit on my own to defeat the virus but have had no success. I appreciate any help, and let me know if any other information is needed. Thanks.
Here is my DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 15:09:21.07 on Fri 12/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.49 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
=============== Created Last 30 ================
2010-12-31 21:15:22 98816 ----a-w- c:\windows\sed.exe
2010-12-31 21:15:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 21:15:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 21:15:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin
==================== Find3M ====================
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
2010-11-28 01:49:42 0 ----a-w- c:\windows\system32\FAPCC.tmp
============= FINISH: 15:10:33.31 ===============