Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Infection (xp Antivirus 2007) Related?


  • This topic is locked This topic is locked
22 replies to this topic

#1 Ocotillo

Ocotillo

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 23 December 2007 - 04:01 PM

Infected by means of a "video e-mail" according to my son who was using the PC at the time. I've removed "XP Antivirus 2007" but haven't been able to clear the below symptoms. I know there are more AV products running than I should have, this is a result of trying to fix this mess. Normally, Trend Micro Internet Security will be running (it was disabled at the time of infection).

Changed Homepage to "softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"

Created three (3) destop shortcuts (these reappear at reboot if deleted manually):

1) Error Cleaner "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=1"
2) Privacy Protector "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=0"
3) Spyware&Malware Protection "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=2"

Two (2) popups at various intervals:

1) Spyware Alert which claims Worm.Win32.NetSky is present on the PC, when it is not, as other scans do not find it. I
have also run "Netskyfix" from Symantec.

2) Windows Security alert "Windows has detected an Internet attack attempt... Somebody's trying to infect your PC
with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking
attempts and spyware. Click here to download spyware remover for total protection."

One (1) System Tray notification at various intervals: "System Alert. System has detected virus activities. These
may impact the performance of your computer. Please, use recommended antispyware software to protect your system
from parasitic programs."

Two (2) different IE windows open at various intervals:

1) "safenavweb.com/index.php?sid=0&said=0&aid=0&pn=&pid=0"
2) "Privacy.securepccleaner.com/MTY4ODE=/2/5993/ed=2/0-POPUP"
______________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:17 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: xcvwer - {E14640E9-1592-4F74-90E1-E40A47AA4406} - C:\WINDOWS\xcvwer.dll
O21 - SSODL: hjoqor - {911B012B-E27F-4F53-8B7E-A48D47B8C399} - C:\WINDOWS\hjoqor.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10814 bytes

BC AdBot (Login to Remove)

 


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 23 December 2007 - 04:16 PM

Hello Ocotillo and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


NOTE: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
In your next post please include the following reports:
  • SmitfraudFix report
  • dss scan reports main.txt and extra.txt
Let me know how the things went.

Regards,
SNOWHITE
Posted Image

#3 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 23 December 2007 - 04:59 PM

Thanks for your assistance Snowhite. Had two (2) exceptions while running the scans/reports:

1) Smitfraud reported that "dumphive.exe" was not present.
2) DSS did not produce an "extra.txt" report. I reran DSS three times and checked the deckard directory but only the "main.txt" file was present. I've used DSS previously without any trouble.

Requested scans:
____________________________________________________________________________
SmitFraudFix v2.274

Scan done at 14:39:27.14, Sun 12/23/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\binret.exe FOUND !
C:\WINDOWS\hjoqor.dll FOUND !
C:\WINDOWS\xcvwer.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sherri Budworth


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sherri Budworth\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SHERRI~1\FAVORI~1

C:\DOCUME~1\SHERRI~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\SHERRI~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\SHERRI~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\SHERRI~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\SHERRI~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\SHERRI~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.12
DNS Server Search Order: 68.105.29.12
DNS Server Search Order: 68.105.28.11

HKLM\SYSTEM\CCS\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
_____________________________________________________________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Sherri Budworth on 2007-12-23 14:49:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sherri Budworth.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:44 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\Sherri Budworth\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SHERRI~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: xcvwer - {E14640E9-1592-4F74-90E1-E40A47AA4406} - C:\WINDOWS\xcvwer.dll
O21 - SSODL: hjoqor - {911B012B-E27F-4F53-8B7E-A48D47B8C399} - C:\WINDOWS\hjoqor.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10877 bytes

-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 14:39:54 3500 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 14:35:44 0 d-------- C:\SmitfraudFix
2007-12-23 14:33:15 1129580 --a------ C:\SmitfraudFix.exe
2007-12-23 09:34:29 0 d-------- C:\Program Files\Lavasoft
2007-12-23 09:34:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-22 12:57:37 0 d-------- C:\Program Files\Spyware Doctor
2007-12-22 12:57:37 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\PC Tools
2007-12-21 17:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 17:44:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 17:44:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 17:44:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\SUPERAntiSpyware.com
2007-12-21 16:39:57 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-21 16:27:45 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-20 18:22:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\HouseCall 6.6
2007-12-20 15:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-20 15:56:12 0 d-------- C:\Program Files\Trend Micro
2007-12-20 08:35:40 270336 --a------ C:\WINDOWS\xcvwer.dll <Not Verified; ; xcvwer>
2007-12-20 08:35:40 208896 -----n--- C:\WINDOWS\hjoqor.dll
2007-12-20 08:35:40 77824 --a------ C:\WINDOWS\binret.exe
2007-12-20 08:27:53 0 d-------- C:\Program Files\MediaVideoCodec
2007-12-09 10:10:23 0 d-------- C:\Program Files\Ventrilo
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2007-12-20 16:04:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-13 18:09:52 0 d-------- C:\Program Files\World of Warcraft
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files
2007-11-07 15:39:29 0 d-------- C:\Program Files\iTunes
2007-11-07 15:39:13 0 d-------- C:\Program Files\iPod
2007-11-07 15:37:55 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2005 12:14 PM C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [11/23/2005 05:32 PM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/10/2005 11:24 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 07:29 AM C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [05/31/2005 10:00 PM C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 05:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 06:37 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2005 04:54 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/01/2005 05:10 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/22/2005 11:46 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/22/2005 11:47 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/06/2006 12:11 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/06/2006 12:13 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [10/06/2006 12:10 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/04/2005 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [09/18/2007 12:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 01:32 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [11/07/2006 06:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 04:24 PM]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [10/05/2007 01:22 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xcvwer"= {E14640E9-1592-4F74-90E1-E40A47AA4406} - C:\WINDOWS\xcvwer.dll [12/20/2007 02:45 AM 270336]
"hjoqor"= {911B012B-E27F-4F53-8B7E-A48D47B8C399} - C:\WINDOWS\hjoqor.dll [12/20/2007 02:45 AM 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/22/2005 11:46 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-12-23 14:51:37 ------------

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 24 December 2007 - 03:03 AM

Hello,

Probably the antivirus program was interfering with the scan, or deleted the dumphive.exe, but i cant tell for sure. Anyway this shouldn't be a problem in next step because we are going to run smitfraudfix in safe mode.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

After reboot and while in Normal Mode, follow these steps for running combofix:
1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
Combofix should never take more that 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

2) DSS did not produce an "extra.txt" report. I reran DSS three times and checked the deckard directory but only the "main.txt" file was present. I've used DSS previously without any trouble.


Lets try this:

Click start > Run > in the empty Run box copy&paste this line :

"%userprofile%/desktop/dss.exe" /config

Press OK.

At the new window that will open, uncheck everything under Main Log, and put a check mark next to everything under Extra Log, then press the Scan! button. This will generate extra.txt post the contents of it back here.

Post back with SmitfraudFix report, Combofix report, the contents of extra.txt and new HijackThis log.

Let me know hot the things will go.

Regards,
SNOWHITE
Posted Image

#5 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 24 December 2007 - 01:11 PM

I appears to be fixed, however, I had run ComboFix prior to posting the first time and it appeared to fix the problem until the 3rd or 4th reboot at which time, the symptoms reappeared.

Once again, no "extra.txt" report from DSS but the remainder of the new reports follow:

________________________
SmitFraudFix v2.274

Scan done at 8:37:32.91, Mon 12/24/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\binret.exe Deleted
C:\WINDOWS\hjoqor.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{911B012B-E27F-4F53-8B7E-A48D47B8C399}]
C:\WINDOWS\xcvwer.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{E14640E9-1592-4F74-90E1-E40A47AA4406}]

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

______________________________________________

ComboFix 07-12-22.1 - Sherri Budworth 2007-12-24 10:41:18.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.634 [GMT -7:00]
Running from: C:\Documents and Settings\Sherri Budworth\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 14:39 . 2007-12-24 08:37 3,500 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 14:35 . 2007-12-24 08:39 <DIR> d-------- C:\SmitfraudFix
2007-12-23 14:33 . 2007-12-23 14:29 1,129,580 --a------ C:\SmitfraudFix.exe
2007-12-21 21:54 . 2007-12-21 21:54 <DIR> d-------- C:\Deckard
2007-12-21 17:52 . 2007-12-22 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 17:44 . 2007-12-24 08:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 17:44 . 2007-12-21 17:44 <DIR> d-------- C:\Documents and Settings\Sherri Budworth\Application Data\SUPERAntiSpyware.com
2007-12-21 17:44 . 2007-12-21 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 17:26 . 2007-12-21 17:31 972,050,432 --a------ C:\25.tmp
2007-12-21 17:01 . 2007-12-21 17:04 630,353,920 --a------ C:\AA.tmp
2007-12-21 16:39 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-21 16:27 . 2007-12-21 17:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-21 16:27 . 2007-12-21 17:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-21 16:27 . 2007-12-21 17:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-21 16:27 . 2007-12-21 17:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-20 18:22 . 2007-12-20 18:29 <DIR> d-------- C:\Documents and Settings\Sherri Budworth\Application Data\HouseCall 6.6
2007-12-20 15:56 . 2007-12-24 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-20 15:56 . 2007-12-24 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-20 08:27 . 2007-12-20 08:27 <DIR> d-------- C:\Program Files\MediaVideoCodec
2007-12-09 10:10 . 2007-12-09 10:10 <DIR> d-------- C:\Program Files\Ventrilo
2007-12-09 10:10 . 2007-12-23 10:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 23:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-14 01:09 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 22:39 --------- d-----w C:\Program Files\iTunes
2007-11-07 22:39 --------- d-----w C:\Program Files\iPod
2007-11-07 22:37 --------- d-----w C:\Program Files\QuickTime
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-22_17.30.06.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-04 22:59:42 380,144 ----a-w C:\WINDOWS\Downloaded Program Files\sabspx.dll
- 2007-03-16 01:19:28 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 21:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2005-03-21 18:00:24 4,096 ----a-w C:\WINDOWS\system32\sabprocenum.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 01:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2006-11-07 18:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 16:24]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2007-10-05 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 12:14 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-23 17:32]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 11:24]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 07:29 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 17:13]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 18:37]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 16:54]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 05:10]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 23:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 23:47]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-04 21:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 09:43:03]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 20:40:41]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 01:05]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 22:15:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 11:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2007-12-24 11:02:11
.
2007-12-12 14:33:58 --- E O F ---

______________________________________________________________

Deckard's System Scanner v20071014.68
Run by Sherri Budworth on 2007-12-24 11:05:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sherri Budworth.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:06 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sherri Budworth\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SHERRI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8322 bytes

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-23 14:39:54 3500 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 14:35:44 0 d-------- C:\SmitfraudFix
2007-12-23 14:33:15 1129580 --a------ C:\SmitfraudFix.exe
2007-12-21 17:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 17:44:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 17:44:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 17:44:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\SUPERAntiSpyware.com
2007-12-21 16:39:57 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-21 16:27:45 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-20 18:22:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\HouseCall 6.6
2007-12-20 15:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-20 15:56:12 0 d-------- C:\Program Files\Trend Micro
2007-12-20 08:27:53 0 d-------- C:\Program Files\MediaVideoCodec
2007-12-09 10:10:23 0 d-------- C:\Program Files\Ventrilo
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2007-12-20 16:04:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-13 18:09:52 0 d-------- C:\Program Files\World of Warcraft
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files
2007-11-07 15:39:29 0 d-------- C:\Program Files\iTunes
2007-11-07 15:39:13 0 d-------- C:\Program Files\iPod
2007-11-07 15:37:55 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2005 12:14 PM C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [11/23/2005 05:32 PM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/10/2005 11:24 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 07:29 AM C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [05/31/2005 10:00 PM C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 05:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 06:37 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2005 04:54 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/01/2005 05:10 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/22/2005 11:46 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/22/2005 11:47 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/06/2006 12:11 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/06/2006 12:13 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [10/06/2006 12:10 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/04/2005 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 01:32 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [11/07/2006 06:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 04:24 PM]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [10/05/2007 01:22 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/22/2005 11:46 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll




-- End of Deckard's System Scanner: finished at 2007-12-24 11:05:25 ------------

#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 28 December 2007 - 08:58 AM

Hello Ocotillo, sorry for the delay :thumbsup:

Please follow the steps below exactly in the order they are written:

Step #1

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\25.tmp
    C:\AA.tmp
    C:\Program Files\MediaVideoCodec


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #2

You can fix next line if you haven't set those restrictions. Re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Step #3

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • - Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Step #4
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Post back with OTMoveIt report, AVG Anti-Spyware report, Uninstall list and new HijackThis log. Let me know how is the computer running.

Regards,
SNOWHITE
Posted Image

#7 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 28 December 2007 - 01:27 PM

Greetings Snowhite,

No troubles about the delay, this time of year can be like that.

The PC is running VERY slow. Bootup takes 2-3x what it used to (possible due to Trend Micro Internet Security program?; this takes an inordinate amount of time to fully load (so long that Windows reports the Firewall is down and AV software is out of date before is completes loading. My wife uses this PC mainly for household finances and World of Warcraft (I've changed all of her on-line passwords from my PC) and it's extremely slow to launch any program now.

Regards,
Ocotillo

___________________________________________

OTMoveIt Report:

C:\25.tmp moved successfully.
C:\AA.tmp moved successfully.
C:\Program Files\MediaVideoCodec moved successfully.

Created on 12/28/2007 08:59:58

___________________________________________

AVG Anti-Spyware report --- Not available, report button remained grayed out even though the settings were as instructed.

The scan found one (1) instance of "Not-A-Virus.Adware.Vapsup" in the system restore area, this was quarentined per instructions.

___________________________________________

Install List:

AVG Anti-Spyware 7.5
HijackThis 2.0.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Trend Micro Internet Security
Trend Micro Internet Security


___________________________________________

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:00 AM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9382 bytes

#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 28 December 2007 - 09:05 PM

Hello Ocotillo,

Do you still have DSS on the desktop?

C:\Deckard <-- Delete this folder

Delete the folder above and re-run dss, if extra.txt is generated, post the contents of it back here.

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file write name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.
Regards,
SNOWHITE
Posted Image

#9 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 29 December 2007 - 04:31 PM

Snowhite,

Still no "extra.txt" from DSS.

Ocotillo

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 29, 2007 2:22:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/12/2007
Kaspersky Anti-Virus database records: 500065
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 94858
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:08:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-7e9e2d6b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sherri Budworth\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-7e9e2d6b.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sherri Budworth\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\History\History.IE5\MSHist012007122920071230\index.dat Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\BIT194.tmp Object is locked skipped
C:\Documents and Settings\Sherri Budworth\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sherri Budworth\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sherri Budworth\ntuser.dat.LOG Object is locked skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP4\A0001360.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP4\A0001396.dll Infected: not-a-virus:AdWare.Win32.Vapsup.tm skipped
C:\System Volume Information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 03 January 2008 - 09:51 PM

Hello Ocotillo,

What happens when you copy&paste this command in runbox?

"%userprofile%/desktop/dss.exe" /config

Click on start > Run and paste it in the runbox then click OK, at the dialog box press on the Check All button, then press the Scan! button. Please let me know how it goes.



Clear the Java Runtime Environment (JRE) cache:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Your Kaspersky report doesn't look bad, how is the computer running?

Please post new HijackThis log in your next post.

Regards,
SNOWHITE
Posted Image

#11 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 06 January 2008 - 10:32 AM

Greetings Snowhite,

Sorry for the dealy in posting back. DSS ran fine once the config was set properly, it generated main, extras and moved.txt files which are included belwo with a new HJT log.

The computer continues to run very slowly. Increased time for boot-up and shutdown as well as program load and shutdown. Once a program is loaded they seem to run fine but performance is degradated.

Cheers,
Ocotillo
___________________________________
Deckard's System Scanner v20071014.68
Run by Sherri Budworth on 2008-01-06 08:20:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-01-06 15:20:09 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2007-12-24 20:27:44 UTC - RP7 - Installed Trend Micro Internet Security
6: 2007-12-24 17:35:37 UTC - RP6 - Removed Trend Micro Internet Security
5: 2007-12-24 17:11:49 UTC - RP5 - Removed Ad-Aware 2007
4: 2007-12-23 20:15:26 UTC - RP4 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-22 04:54:31 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Sherri Budworth.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:35 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sherri Budworth\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SHERRI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9649 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071221-180206-408 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20071221-180206-932 O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
backup-20071221-180313-777 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071221-180446-813 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
backup-20071221-180446-980 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071222-090945-730 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20071222-173731-838 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20071228-090251-963 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 catchme - c:\docume~1\sherri~1\locals~1\temp\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&1D3F0FBB&0&20F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&1D3F0FBB&0&20F0
Service: w29n51


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 964)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2005-07-22 23:46:56 110592 --a------ C:\Program Files\Intel\Wireless\Bin\LgNotify.dll <Not Verified; Intel Corporation; LogonNotify Dynamic Link Library>

C:\WINDOWS\explorer.exe (pid 1752)
2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2006-09-01 10:30:30 44544 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2005-05-31 21:59:56 53248 --a------ C:\WINDOWS\system32\TPwrCfg.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2005-05-31 21:59:40 81920 --a------ C:\WINDOWS\system32\TPwrReg.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2005-05-31 21:59:46 53248 --a------ C:\WINDOWS\system32\TPSTrace.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Powre Saver>
2002-07-04 09:38:00 53248 --a------ C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
2006-12-20 13:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2007-02-27 12:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>


-- Scheduled Tasks -------------------------------------------------------------

2008-01-05 15:12:35 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-06 and 2008-01-06 -----------------------------

2007-12-29 12:39:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 12:39:56 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 09:04:33 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\Grisoft
2007-12-28 09:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 14:39:54 3500 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 14:35:44 0 d-------- C:\SmitfraudFix
2007-12-23 14:33:15 1129580 --a------ C:\SmitfraudFix.exe
2007-12-21 17:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 17:44:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 17:44:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 17:44:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\SUPERAntiSpyware.com
2007-12-21 16:39:57 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-21 16:27:45 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-20 18:22:09 0 d-------- C:\Documents and Settings\Sherri Budworth\Application Data\HouseCall 6.6
2007-12-20 15:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-20 15:56:12 0 d-------- C:\Program Files\Trend Micro
2007-12-09 10:10:23 0 d-------- C:\Program Files\Ventrilo
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2007-12-20 16:04:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-13 18:09:52 0 d-------- C:\Program Files\World of Warcraft
2007-12-09 10:10:00 0 d-------- C:\Program Files\Common Files
2007-11-07 15:39:29 0 d-------- C:\Program Files\iTunes
2007-11-07 15:39:13 0 d-------- C:\Program Files\iPod
2007-11-07 15:37:55 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2005 12:14 PM C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [11/23/2005 05:32 PM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/10/2005 11:24 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 07:29 AM C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [05/31/2005 10:00 PM C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 05:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 06:37 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2005 04:54 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/01/2005 05:10 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/22/2005 11:46 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/22/2005 11:47 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/06/2006 12:11 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/06/2006 12:13 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [10/06/2006 12:10 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/04/2005 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [09/18/2007 12:29 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 01:32 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [11/07/2006 06:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 04:24 PM]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [10/05/2007 01:22 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/22/2005 11:46 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll




-- End of Deckard's System Scanner: finished at 2008-01-06 08:21:37 ------------

____________________________________________

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1015.42 MiB / 453.73 MiB
Pagefile Memory (total/avail): 2445.78 MiB / 1965.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.9 MiB

C: is Fixed (NTFS) - 111.54 GiB total, 65.09 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 111.54 GiB - C:
\PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro Personal Firewall v5.0 (Trend Micro Inc.)
AV: McAfee VirusScan v (McAfee) Disabled
AV: Trend Micro Internet Security v16.00.1645 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sherri Budworth\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LITTLEBIT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A105
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sherri Budworth
LOGONSERVER=\\LITTLEBIT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp
USERDOMAIN=LITTLEBIT
USERNAME=Sherri Budworth
USERPROFILE=C:\Documents and Settings\Sherri Budworth
VERNUM=PSAA0U-123456V
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sherri Budworth (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil


-- Application Event Log -------------------------------------------------------

Event Record #/Type13421 / Error
Event Submitted/Written: 01/03/2008 02:21:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13324 / Error
Event Submitted/Written: 12/30/2007 10:07:59 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module flash9c.ocx, version 9.0.45.0, fault address 0x00189bc0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type13318 / Error
Event Submitted/Written: 12/30/2007 09:41:09 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13307 / Warning
Event Submitted/Written: 12/29/2007 09:54:29 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type13253 / Error
Event Submitted/Written: 12/28/2007 05:29:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type63991 / Warning
Event Submitted/Written: 01/05/2008 06:05:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type63860 / Error
Event Submitted/Written: 01/04/2008 02:29:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type63806 / Error
Event Submitted/Written: 01/04/2008 10:03:08 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type63646 / Warning
Event Submitted/Written: 01/02/2008 09:25:15 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type63645 / Warning
Event Submitted/Written: 01/02/2008 09:25:10 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-01-06 08:21:37 ------------

____________________________________

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-01-01 22:08:15 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\121f_appcompat.txt
2007-12-29 11:44:00 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\13bc_appcompat.txt
2007-12-31 14:11:37 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\22bc_appcompat.txt
2007-12-31 23:11:52 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\3395_appcompat.txt
2007-12-28 12:24:40 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\3c35_appcompat.txt
2008-01-04 10:02:54 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\3ea0_appcompat.txt
2008-01-04 14:29:18 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\5750_appcompat.txt
2008-01-04 21:34:52 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\5771_appcompat.txt
2007-12-29 14:50:39 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\5846_appcompat.txt
2007-12-30 10:17:52 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\61af_appcompat.txt
2007-12-30 17:13:12 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\69ac_appcompat.txt
2008-01-03 14:22:10 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\6aa7_appcompat.txt
2008-01-02 14:00:16 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\6d24_appcompat.txt
2007-12-29 14:29:38 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\6fc0_appcompat.txt
2008-01-02 15:11:39 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7129_appcompat.txt
2008-01-05 15:57:36 7686 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\712_appcompat.txt
2008-01-02 21:29:09 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7417_appcompat.txt
2008-01-02 09:36:57 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\774d_appcompat.txt
2007-12-31 18:00:49 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7bd4_appcompat.txt
2007-12-28 18:07:32 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7dbc_appcompat.txt
2007-12-29 15:49:41 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7df_appcompat.txt
2007-12-29 14:23:12 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7e2d_appcompat.txt
2007-12-28 11:28:29 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7e36_appcompat.txt
2008-01-03 16:08:37 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\7f77_appcompat.txt
2008-01-01 16:08:17 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\82de_appcompat.txt
2008-01-05 16:59:55 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\93b8_appcompat.txt
2007-12-29 15:40:44 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\97c1_appcompat.txt
2008-01-01 21:01:32 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\988d_appcompat.txt
2008-01-05 20:54:23 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\9c68_appcompat.txt
2007-12-31 22:07:55 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\9ead_appcompat.txt
2008-01-02 11:51:46 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\aa54_appcompat.txt
2007-12-31 13:26:21 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\ad3f_appcompat.txt
2007-12-29 12:19:38 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\b67_appcompat.txt
2008-01-03 09:20:09 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\be22_appcompat.txt
2008-01-03 15:48:35 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1.tmp
2008-01-05 16:51:49 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10.tmp
2008-01-04 07:35:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT100.tmp
2008-01-04 07:36:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT101.tmp
2008-01-04 07:37:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT102.tmp
2008-01-04 07:38:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT103.tmp
2008-01-04 07:39:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT104.tmp
2008-01-04 07:40:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT105.tmp
2008-01-04 07:41:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT106.tmp
2008-01-04 07:18:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT107.tmp
2008-01-04 07:43:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT108.tmp
2008-01-04 07:44:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT109.tmp
2008-01-04 07:45:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10A.tmp
2008-01-04 07:46:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10B.tmp
2008-01-04 07:47:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10C.tmp
2008-01-04 07:48:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10D.tmp
2008-01-04 07:49:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10E.tmp
2008-01-04 07:54:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT10F.tmp
2008-01-05 20:11:22 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11.tmp
2008-01-04 07:55:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT110.tmp
2008-01-04 07:56:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT111.tmp
2008-01-04 07:58:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT112.tmp
2008-01-04 07:59:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT113.tmp
2008-01-04 08:00:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT114.tmp
2008-01-04 08:01:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT115.tmp
2008-01-04 08:02:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT116.tmp
2008-01-04 08:04:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT117.tmp
2008-01-04 08:05:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT118.tmp
2008-01-04 08:06:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT119.tmp
2008-01-04 08:08:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11A.tmp
2008-01-04 08:09:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11B.tmp
2008-01-04 08:10:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11C.tmp
2008-01-04 08:10:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11D.tmp
2008-01-04 08:11:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11E.tmp
2008-01-04 08:12:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT11F.tmp
2008-01-05 20:08:08 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12.tmp
2008-01-04 08:13:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT120.tmp
2008-01-04 08:14:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT121.tmp
2008-01-04 08:16:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT122.tmp
2008-01-04 08:17:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT123.tmp
2008-01-05 20:26:51 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT124.tmp
2008-01-04 08:19:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT125.tmp
2008-01-04 08:19:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT126.tmp
2008-01-04 08:20:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT127.tmp
2008-01-04 08:21:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT128.tmp
2008-01-04 08:22:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT129.tmp
2008-01-04 08:24:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12A.tmp
2008-01-04 08:25:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12B.tmp
2008-01-04 08:26:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12C.tmp
2008-01-04 08:27:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12D.tmp
2008-01-04 08:28:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12E.tmp
2008-01-04 08:29:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT12F.tmp
2008-01-05 16:37:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13.tmp
2008-01-04 08:30:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT130.tmp
2008-01-04 08:31:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT131.tmp
2008-01-04 08:32:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT132.tmp
2008-01-04 08:33:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT133.tmp
2008-01-04 08:34:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT134.tmp
2008-01-04 08:35:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT135.tmp
2008-01-04 08:37:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT136.tmp
2008-01-04 08:38:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT137.tmp
2008-01-04 08:38:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT138.tmp
2008-01-04 08:40:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT139.tmp
2008-01-04 08:41:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13A.tmp
2008-01-04 08:42:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13B.tmp
2008-01-04 08:43:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13C.tmp
2008-01-04 08:44:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13D.tmp
2008-01-04 08:44:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13E.tmp
2008-01-04 08:45:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT13F.tmp
2008-01-05 16:38:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14.tmp
2008-01-04 08:46:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT140.tmp
2008-01-04 08:47:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT141.tmp
2008-01-04 08:48:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT142.tmp
2008-01-04 08:49:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT143.tmp
2008-01-04 08:50:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT144.tmp
2008-01-04 08:51:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT145.tmp
2008-01-04 08:52:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT146.tmp
2008-01-04 08:54:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT147.tmp
2008-01-04 08:55:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT148.tmp
2008-01-04 08:56:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT149.tmp
2008-01-04 08:57:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14A.tmp
2008-01-04 08:59:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14B.tmp
2008-01-04 09:00:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14C.tmp
2008-01-04 09:01:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14D.tmp
2008-01-04 09:03:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14E.tmp
2008-01-04 09:04:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT14F.tmp
2008-01-05 16:39:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15.tmp
2008-01-04 09:06:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT150.tmp
2008-01-04 09:06:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT151.tmp
2008-01-04 10:04:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT152.tmp
2008-01-04 10:05:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT153.tmp
2008-01-04 10:05:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT154.tmp
2008-01-04 10:06:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT155.tmp
2008-01-04 10:06:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT156.tmp
2008-01-04 10:07:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT157.tmp
2008-01-04 10:08:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT158.tmp
2008-01-04 10:08:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT159.tmp
2008-01-04 10:09:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15A.tmp
2008-01-04 10:09:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15B.tmp
2008-01-04 10:10:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15C.tmp
2008-01-04 10:10:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15D.tmp
2008-01-04 10:11:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15E.tmp
2008-01-04 10:11:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT15F.tmp
2008-01-05 16:32:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16.tmp
2008-01-04 10:12:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT160.tmp
2008-01-04 10:12:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT161.tmp
2008-01-04 10:13:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT162.tmp
2008-01-04 10:13:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT163.tmp
2008-01-04 10:14:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT164.tmp
2008-01-04 10:14:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT165.tmp
2008-01-04 10:15:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT166.tmp
2008-01-04 10:15:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT167.tmp
2008-01-04 10:16:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT168.tmp
2008-01-04 10:16:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT169.tmp
2008-01-04 10:17:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16A.tmp
2008-01-04 10:17:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16B.tmp
2008-01-05 20:29:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16C.tmp
2008-01-04 10:18:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16D.tmp
2008-01-04 10:19:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16E.tmp
2008-01-04 10:19:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT16F.tmp
2008-01-05 16:39:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17.tmp
2008-01-04 10:20:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT170.tmp
2008-01-04 10:20:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT171.tmp
2008-01-04 10:21:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT172.tmp
2008-01-04 10:21:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT173.tmp
2008-01-04 10:22:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT174.tmp
2008-01-04 10:22:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT175.tmp
2008-01-04 10:22:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT176.tmp
2008-01-04 10:23:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT177.tmp
2008-01-04 10:23:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT178.tmp
2008-01-04 10:24:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT179.tmp
2008-01-04 10:24:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17A.tmp
2008-01-04 10:25:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17B.tmp
2008-01-04 10:25:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17C.tmp
2008-01-04 10:26:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17D.tmp
2008-01-04 10:26:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17E.tmp
2008-01-04 10:27:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT17F.tmp
2008-01-05 16:40:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18.tmp
2008-01-04 10:27:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT180.tmp
2008-01-04 10:28:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT181.tmp
2008-01-04 10:28:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT182.tmp
2008-01-04 10:29:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT183.tmp
2008-01-04 10:29:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT184.tmp
2008-01-04 10:30:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT185.tmp
2008-01-04 10:30:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT186.tmp
2008-01-04 10:31:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT187.tmp
2008-01-04 10:31:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT188.tmp
2008-01-04 10:32:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT189.tmp
2008-01-04 10:32:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18A.tmp
2008-01-04 10:33:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18B.tmp
2008-01-04 10:33:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18C.tmp
2008-01-04 10:34:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18D.tmp
2008-01-04 10:34:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18E.tmp
2008-01-04 10:35:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT18F.tmp
2008-01-05 16:40:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19.tmp
2008-01-04 10:35:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT190.tmp
2008-01-04 10:35:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT191.tmp
2008-01-04 10:36:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT192.tmp
2008-01-04 10:37:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT193.tmp
2008-01-04 10:37:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT194.tmp
2008-01-04 10:37:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT195.tmp
2008-01-04 10:38:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT196.tmp
2008-01-04 10:38:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT197.tmp
2008-01-04 10:39:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT198.tmp
2008-01-04 10:39:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT199.tmp
2008-01-04 10:40:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19A.tmp
2008-01-04 10:40:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19B.tmp
2008-01-04 10:41:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19C.tmp
2008-01-04 10:41:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19D.tmp
2008-01-04 10:42:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19E.tmp
2008-01-04 10:43:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT19F.tmp
2008-01-05 16:41:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A.tmp
2008-01-04 10:43:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A0.tmp
2008-01-04 10:43:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A1.tmp
2008-01-04 10:44:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A2.tmp
2008-01-04 10:44:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A3.tmp
2008-01-04 10:45:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A4.tmp
2008-01-04 10:45:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A5.tmp
2008-01-04 10:46:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A6.tmp
2008-01-04 10:46:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A7.tmp
2008-01-04 10:47:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A8.tmp
2008-01-04 10:47:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1A9.tmp
2008-01-04 10:48:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AA.tmp
2008-01-04 10:48:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AB.tmp
2008-01-04 10:49:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AC.tmp
2008-01-04 10:49:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AD.tmp
2008-01-04 10:50:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AE.tmp
2008-01-04 11:02:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1AF.tmp
2008-01-05 16:41:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B.tmp
2008-01-04 11:03:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B0.tmp
2008-01-04 11:03:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B1.tmp
2008-01-04 11:04:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B2.tmp
2008-01-04 11:04:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B3.tmp
2008-01-05 20:30:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B4.tmp
2008-01-04 11:05:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B5.tmp
2008-01-04 11:06:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B6.tmp
2008-01-04 11:06:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B7.tmp
2008-01-04 11:06:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B8.tmp
2008-01-04 11:07:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1B9.tmp
2008-01-04 11:07:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BA.tmp
2008-01-04 11:08:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BB.tmp
2008-01-04 11:08:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BC.tmp
2008-01-04 11:09:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BD.tmp
2008-01-04 11:09:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BE.tmp
2008-01-04 11:10:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1BF.tmp
2008-01-05 16:42:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C.tmp
2008-01-04 11:10:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C0.tmp
2008-01-04 11:10:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C1.tmp
2008-01-04 11:11:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C2.tmp
2008-01-04 11:11:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C3.tmp
2008-01-04 11:12:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C4.tmp
2008-01-04 11:13:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C5.tmp
2008-01-04 11:13:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C6.tmp
2008-01-04 11:13:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C7.tmp
2008-01-04 11:14:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C8.tmp
2008-01-04 11:15:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1C9.tmp
2008-01-04 11:16:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CA.tmp
2008-01-04 11:17:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CB.tmp
2008-01-04 11:18:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CC.tmp
2008-01-04 11:19:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CD.tmp
2008-01-04 11:20:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CE.tmp
2008-01-04 11:22:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1CF.tmp
2008-01-05 16:43:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D.tmp
2008-01-04 11:24:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D0.tmp
2008-01-04 11:25:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D1.tmp
2008-01-04 11:27:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D2.tmp
2008-01-04 11:28:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D3.tmp
2008-01-04 11:29:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D4.tmp
2008-01-04 11:31:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D5.tmp
2008-01-04 11:32:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D6.tmp
2008-01-04 11:33:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D7.tmp
2008-01-04 11:34:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D8.tmp
2008-01-04 11:36:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1D9.tmp
2008-01-04 11:37:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DA.tmp
2008-01-04 11:38:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DB.tmp
2008-01-04 11:39:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DC.tmp
2008-01-04 11:40:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DD.tmp
2008-01-04 11:41:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DE.tmp
2008-01-04 11:43:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1DF.tmp
2008-01-05 16:43:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E.tmp
2008-01-04 11:44:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E0.tmp
2008-01-04 11:45:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E1.tmp
2008-01-04 11:47:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E2.tmp
2008-01-05 20:31:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E3.tmp
2008-01-04 11:51:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E4.tmp
2008-01-04 11:53:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E5.tmp
2008-01-04 11:54:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E6.tmp
2008-01-04 11:56:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E7.tmp
2008-01-04 11:58:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E8.tmp
2008-01-04 12:00:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1E9.tmp
2008-01-04 12:02:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1EA.tmp
2008-01-04 12:04:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1EB.tmp
2008-01-04 12:07:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1EC.tmp
2008-01-04 12:09:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1ED.tmp
2008-01-04 12:10:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1EE.tmp
2008-01-04 12:13:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1EF.tmp
2008-01-05 16:44:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F.tmp
2008-01-04 12:15:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F0.tmp
2008-01-04 12:17:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F1.tmp
2008-01-04 12:19:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F2.tmp
2008-01-04 12:21:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F3.tmp
2008-01-04 12:23:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F4.tmp
2008-01-04 12:24:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F5.tmp
2008-01-04 12:26:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F6.tmp
2008-01-04 12:27:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F7.tmp
2008-01-04 12:29:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F8.tmp
2008-01-04 12:30:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1F9.tmp
2008-01-04 12:32:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FA.tmp
2008-01-04 12:38:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FB.tmp
2008-01-04 12:39:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FC.tmp
2008-01-04 12:41:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FD.tmp
2008-01-04 12:42:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FE.tmp
2008-01-04 12:44:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT1FF.tmp
2008-01-05 16:44:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20.tmp
2008-01-04 12:46:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT200.tmp
2008-01-04 12:48:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT201.tmp
2008-01-04 12:50:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT202.tmp
2008-01-04 12:52:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT203.tmp
2008-01-04 12:54:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT204.tmp
2008-01-04 12:57:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT205.tmp
2008-01-04 12:59:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT206.tmp
2008-01-04 13:01:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT207.tmp
2008-01-04 13:03:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT208.tmp
2008-01-04 13:05:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT209.tmp
2008-01-04 13:07:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20A.tmp
2008-01-04 13:09:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20B.tmp
2008-01-04 13:11:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20C.tmp
2008-01-04 13:13:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20D.tmp
2008-01-04 13:15:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20E.tmp
2008-01-04 13:16:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT20F.tmp
2008-01-05 16:45:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21.tmp
2008-01-04 13:18:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT210.tmp
2008-01-04 13:20:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT211.tmp
2008-01-04 13:21:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT212.tmp
2008-01-04 13:22:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT213.tmp
2008-01-04 13:23:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT214.tmp
2008-01-04 13:25:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT215.tmp
2008-01-05 20:22:31 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT216.tmp
2008-01-04 13:28:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT217.tmp
2008-01-04 13:29:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT218.tmp
2008-01-04 13:31:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT219.tmp
2008-01-04 13:33:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21A.tmp
2008-01-04 13:35:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21B.tmp
2008-01-04 13:38:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21C.tmp
2008-01-04 13:40:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21D.tmp
2008-01-04 13:42:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21E.tmp
2008-01-04 13:44:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT21F.tmp
2008-01-05 16:45:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22.tmp
2008-01-04 13:46:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT220.tmp
2008-01-04 13:48:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT221.tmp
2008-01-04 13:50:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT222.tmp
2008-01-04 13:51:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT223.tmp
2008-01-04 13:52:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT224.tmp
2008-01-04 13:54:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT225.tmp
2008-01-04 13:56:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT226.tmp
2008-01-04 13:57:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT227.tmp
2008-01-04 13:59:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT228.tmp
2008-01-04 14:00:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT229.tmp
2008-01-04 14:02:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22A.tmp
2008-01-04 14:03:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22B.tmp
2008-01-04 14:04:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22C.tmp
2008-01-04 14:05:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22D.tmp
2008-01-04 14:06:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22E.tmp
2008-01-04 14:07:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT22F.tmp
2008-01-05 16:45:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23.tmp
2008-01-04 14:08:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT230.tmp
2008-01-04 14:09:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT231.tmp
2008-01-04 14:10:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT232.tmp
2008-01-04 14:11:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT233.tmp
2008-01-04 14:12:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT234.tmp
2008-01-04 14:13:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT235.tmp
2008-01-04 14:14:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT236.tmp
2008-01-04 14:16:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT237.tmp
2008-01-04 14:17:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT238.tmp
2008-01-04 14:32:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT239.tmp
2008-01-04 14:33:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23A.tmp
2008-01-04 14:33:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23B.tmp
2008-01-04 14:34:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23C.tmp
2008-01-04 14:34:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23D.tmp
2008-01-04 14:34:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23E.tmp
2008-01-04 14:35:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT23F.tmp
2008-01-05 16:46:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24.tmp
2008-01-05 20:32:59 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT240.tmp
2008-01-04 14:36:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT241.tmp
2008-01-04 14:36:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT242.tmp
2008-01-04 14:37:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT243.tmp
2008-01-04 14:37:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT244.tmp
2008-01-04 14:38:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT245.tmp
2008-01-04 14:38:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT246.tmp
2008-01-04 14:39:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT247.tmp
2008-01-04 14:39:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT248.tmp
2008-01-04 14:40:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT249.tmp
2008-01-04 14:40:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24A.tmp
2008-01-04 14:41:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24B.tmp
2008-01-04 14:41:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24C.tmp
2008-01-04 14:42:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24D.tmp
2008-01-04 14:42:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24E.tmp
2008-01-04 14:43:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT24F.tmp
2008-01-05 16:46:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25.tmp
2008-01-04 14:43:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT250.tmp
2008-01-04 14:43:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT251.tmp
2008-01-04 14:44:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT252.tmp
2008-01-04 14:44:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT253.tmp
2008-01-04 14:45:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT254.tmp
2008-01-04 14:45:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT255.tmp
2008-01-04 14:46:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT256.tmp
2008-01-04 14:47:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT257.tmp
2008-01-04 14:47:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT258.tmp
2008-01-04 14:48:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT259.tmp
2008-01-04 14:48:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25A.tmp
2008-01-04 14:49:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25B.tmp
2008-01-04 14:49:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25C.tmp
2008-01-04 14:50:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25D.tmp
2008-01-04 14:50:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25E.tmp
2008-01-04 14:51:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT25F.tmp
2008-01-05 16:47:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26.tmp
2008-01-04 14:51:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT260.tmp
2008-01-04 14:52:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT261.tmp
2008-01-04 14:52:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT262.tmp
2008-01-04 14:53:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT263.tmp
2008-01-04 14:53:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT264.tmp
2008-01-04 14:54:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT265.tmp
2008-01-04 14:54:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT266.tmp
2008-01-04 14:54:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT267.tmp
2008-01-04 14:55:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT268.tmp
2008-01-04 14:55:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT269.tmp
2008-01-04 14:56:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26A.tmp
2008-01-04 14:56:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26B.tmp
2008-01-04 14:57:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26C.tmp
2008-01-04 14:58:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26D.tmp
2008-01-04 14:58:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26E.tmp
2008-01-04 14:59:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT26F.tmp
2008-01-05 16:47:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27.tmp
2008-01-04 14:59:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT270.tmp
2008-01-04 15:00:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT271.tmp
2008-01-04 15:01:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT272.tmp
2008-01-04 15:01:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT273.tmp
2008-01-04 15:02:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT274.tmp
2008-01-04 15:02:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT275.tmp
2007-12-29 17:43:05 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT276.tmp
2008-01-04 15:03:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT277.tmp
2008-01-04 15:03:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT278.tmp
2008-01-04 15:04:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT279.tmp
2008-01-04 15:04:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27A.tmp
2008-01-04 15:05:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27B.tmp
2008-01-04 15:05:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27C.tmp
2008-01-04 15:05:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27D.tmp
2008-01-05 20:21:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27E.tmp
2008-01-04 15:06:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT27F.tmp
2008-01-05 16:48:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28.tmp
2008-01-05 20:35:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT280.tmp
2008-01-04 15:08:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT281.tmp
2008-01-04 15:08:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT282.tmp
2008-01-04 15:08:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT283.tmp
2008-01-04 15:09:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT284.tmp
2008-01-04 15:09:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT285.tmp
2008-01-04 15:10:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT286.tmp
2008-01-04 15:10:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT287.tmp
2008-01-04 15:11:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT288.tmp
2008-01-04 15:11:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT289.tmp
2008-01-04 15:12:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28A.tmp
2008-01-04 15:12:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28B.tmp
2008-01-04 15:13:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28C.tmp
2008-01-04 15:13:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28D.tmp
2008-01-04 15:14:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28E.tmp
2008-01-04 15:14:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT28F.tmp
2008-01-05 16:48:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29.tmp
2008-01-04 15:15:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT290.tmp
2008-01-04 15:15:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT291.tmp
2008-01-04 15:16:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT292.tmp
2008-01-04 15:16:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT293.tmp
2008-01-04 15:17:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT294.tmp
2008-01-04 15:17:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT295.tmp
2008-01-04 15:18:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT296.tmp
2008-01-04 15:18:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT297.tmp
2008-01-04 15:19:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT298.tmp
2008-01-04 15:19:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT299.tmp
2008-01-04 15:20:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29A.tmp
2008-01-04 15:20:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29B.tmp
2008-01-04 15:20:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29C.tmp
2008-01-04 15:21:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29D.tmp
2008-01-04 15:21:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29E.tmp
2008-01-04 15:22:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT29F.tmp
2008-01-05 16:49:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A.tmp
2008-01-04 15:22:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A0.tmp
2008-01-04 15:23:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A1.tmp
2008-01-04 15:23:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A2.tmp
2008-01-04 15:24:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A3.tmp
2008-01-04 15:24:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A4.tmp
2008-01-04 15:25:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A5.tmp
2008-01-04 15:25:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A6.tmp
2008-01-04 15:26:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A7.tmp
2008-01-04 15:26:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A8.tmp
2008-01-04 15:27:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2A9.tmp
2008-01-04 15:27:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AA.tmp
2008-01-04 15:28:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AB.tmp
2008-01-04 15:28:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AC.tmp
2008-01-04 15:29:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AD.tmp
2008-01-04 15:29:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AE.tmp
2008-01-04 15:30:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2AF.tmp
2008-01-05 17:59:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B.tmp
2008-01-04 15:30:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B0.tmp
2008-01-04 15:31:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B1.tmp
2008-01-04 15:31:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B2.tmp
2008-01-04 15:32:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B3.tmp
2008-01-04 15:32:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B4.tmp
2008-01-04 15:33:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B5.tmp
2008-01-04 15:33:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B6.tmp
2008-01-04 15:34:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B7.tmp
2008-01-04 15:34:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B8.tmp
2008-01-04 15:35:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2B9.tmp
2008-01-04 15:35:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BA.tmp
2008-01-04 15:36:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BB.tmp
2008-01-04 15:36:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BC.tmp
2008-01-04 15:37:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BD.tmp
2008-01-04 15:37:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BE.tmp
2008-01-04 15:38:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2BF.tmp
2008-01-03 18:58:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C.tmp
2008-01-04 18:16:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C0.tmp
2008-01-04 18:17:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C1.tmp
2008-01-04 18:18:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C2.tmp
2008-01-04 18:18:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C3.tmp
2008-01-04 18:19:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C4.tmp
2008-01-04 18:19:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C5.tmp
2008-01-04 18:19:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C6.tmp
2008-01-04 18:20:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C7.tmp
2008-01-04 18:20:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C8.tmp
2008-01-04 18:21:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2C9.tmp
2008-01-04 18:21:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CA.tmp
2008-01-04 18:22:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CB.tmp
2008-01-04 18:22:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CC.tmp
2008-01-04 18:23:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CD.tmp
2008-01-04 18:23:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CE.tmp
2008-01-04 18:23:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2CF.tmp
2008-01-06 08:18:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D.tmp
2008-01-04 18:24:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D0.tmp
2008-01-04 18:24:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D1.tmp
2008-01-04 18:25:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D2.tmp
2008-01-04 18:25:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D3.tmp
2008-01-04 18:26:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D4.tmp
2008-01-05 20:38:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D5.tmp
2008-01-04 18:26:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D6.tmp
2008-01-04 18:27:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D7.tmp
2008-01-04 18:27:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D8.tmp
2008-01-04 18:28:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2D9.tmp
2008-01-04 18:28:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DA.tmp
2008-01-04 18:29:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DB.tmp
2008-01-04 18:29:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DC.tmp
2008-01-04 18:30:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DD.tmp
2008-01-04 18:30:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DE.tmp
2008-01-04 18:30:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2DF.tmp
2008-01-03 19:02:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E.tmp
2008-01-04 18:31:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E0.tmp
2008-01-04 18:32:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E1.tmp
2008-01-04 18:32:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E2.tmp
2008-01-04 18:32:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E3.tmp
2008-01-04 18:33:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E4.tmp
2008-01-04 18:34:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E5.tmp
2008-01-04 18:35:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E6.tmp
2008-01-04 18:36:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E7.tmp
2008-01-04 18:38:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E8.tmp
2008-01-04 18:39:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2E9.tmp
2008-01-04 18:40:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2EA.tmp
2008-01-04 18:41:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2EB.tmp
2008-01-04 18:42:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2EC.tmp
2008-01-05 20:28:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2ED.tmp
2008-01-04 18:44:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2EE.tmp
2008-01-04 18:45:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2EF.tmp
2008-01-05 20:13:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F.tmp
2008-01-04 18:46:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F0.tmp
2008-01-04 18:46:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F1.tmp
2008-01-04 18:47:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F2.tmp
2008-01-04 18:48:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F3.tmp
2008-01-04 18:49:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F4.tmp
2008-01-04 18:50:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F5.tmp
2008-01-04 18:51:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F6.tmp
2008-01-04 18:53:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F7.tmp
2008-01-04 18:54:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F8.tmp
2008-01-04 18:55:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2F9.tmp
2008-01-04 18:56:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FA.tmp
2008-01-04 19:02:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FB.tmp
2008-01-04 19:04:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FC.tmp
2008-01-04 19:05:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FD.tmp
2008-01-04 19:06:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FE.tmp
2008-01-04 19:08:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT2FF.tmp
2008-01-03 19:04:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30.tmp
2008-01-04 19:09:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT300.tmp
2008-01-04 19:11:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT301.tmp
2008-01-04 19:13:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT302.tmp
2008-01-04 19:15:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT303.tmp
2008-01-04 19:16:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT304.tmp
2008-01-04 19:18:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT305.tmp
2008-01-04 19:19:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT306.tmp
2008-01-04 19:21:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT307.tmp
2008-01-04 19:22:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT308.tmp
2008-01-04 19:24:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT309.tmp
2008-01-04 19:26:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30A.tmp
2008-01-04 19:28:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30B.tmp
2008-01-04 19:30:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30C.tmp
2008-01-04 19:31:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30D.tmp
2008-01-04 19:32:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30E.tmp
2008-01-04 19:33:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT30F.tmp
2008-01-03 19:06:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31.tmp
2008-01-05 20:45:14 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT310.tmp
2008-01-04 19:37:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT311.tmp
2008-01-04 19:38:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT312.tmp
2008-01-04 19:40:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT313.tmp
2008-01-04 19:42:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT314.tmp
2008-01-04 19:44:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT315.tmp
2008-01-04 19:45:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT316.tmp
2008-01-04 19:48:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT317.tmp
2008-01-04 19:50:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT318.tmp
2008-01-04 19:52:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT319.tmp
2008-01-04 19:55:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31A.tmp
2008-01-04 19:57:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31B.tmp
2008-01-04 19:58:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31C.tmp
2008-01-04 20:01:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31D.tmp
2008-01-04 20:03:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31E.tmp
2008-01-04 20:05:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT31F.tmp
2008-01-03 19:07:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32.tmp
2008-01-04 20:07:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT320.tmp
2008-01-04 20:09:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT321.tmp
2008-01-04 20:10:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT322.tmp
2008-01-04 20:12:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT323.tmp
2008-01-04 20:13:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT324.tmp
2008-01-04 20:14:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT325.tmp
2008-01-04 20:15:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT326.tmp
2008-01-04 20:15:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT327.tmp
2008-01-04 20:17:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT328.tmp
2008-01-04 20:17:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT329.tmp
2008-01-04 20:18:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32A.tmp
2008-01-04 20:19:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32B.tmp
2008-01-04 20:21:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32C.tmp
2008-01-04 20:22:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32D.tmp
2008-01-04 20:23:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32E.tmp
2008-01-04 20:24:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT32F.tmp
2008-01-03 16:02:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33.tmp
2008-01-04 20:26:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT330.tmp
2008-01-04 20:28:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT331.tmp
2008-01-04 20:29:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT332.tmp
2008-01-04 20:30:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT333.tmp
2008-01-04 20:32:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT334.tmp
2008-01-04 20:33:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT335.tmp
2008-01-04 20:34:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT336.tmp
2008-01-04 20:35:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT337.tmp
2008-01-04 20:36:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT338.tmp
2008-01-04 20:38:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT339.tmp
2008-01-04 20:40:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33A.tmp
2008-01-04 20:41:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33B.tmp
2008-01-04 20:43:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33C.tmp
2008-01-04 20:45:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33D.tmp
2008-01-04 20:47:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33E.tmp
2008-01-04 20:49:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT33F.tmp
2008-01-03 19:09:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34.tmp
2008-01-04 20:50:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT340.tmp
2008-01-04 20:52:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT341.tmp
2008-01-04 20:53:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT342.tmp
2008-01-04 20:55:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT343.tmp
2008-01-04 20:56:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT344.tmp
2008-01-04 20:58:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT345.tmp
2008-01-04 20:59:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT346.tmp
2008-01-04 21:01:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT347.tmp
2008-01-04 21:03:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT348.tmp
2008-01-04 21:05:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT349.tmp
2008-01-04 21:08:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34A.tmp
2008-01-04 21:10:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34B.tmp
2008-01-04 21:11:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34C.tmp
2008-01-04 21:13:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34D.tmp
2008-01-04 21:14:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34E.tmp
2008-01-04 21:15:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT34F.tmp
2008-01-03 19:10:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35.tmp
2008-01-04 21:16:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT350.tmp
2008-01-04 21:17:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT351.tmp
2008-01-04 21:18:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT352.tmp
2008-01-04 21:19:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT353.tmp
2008-01-04 21:20:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT354.tmp
2008-01-04 21:21:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT355.tmp
2008-01-04 21:21:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT356.tmp
2008-01-04 21:22:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT357.tmp
2008-01-04 21:23:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT358.tmp
2008-01-05 09:57:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT359.tmp
2008-01-05 09:58:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35A.tmp
2008-01-05 09:59:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35B.tmp
2008-01-05 09:59:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35C.tmp
2008-01-05 10:00:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35D.tmp
2008-01-05 10:00:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35E.tmp
2008-01-05 10:00:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT35F.tmp
2008-01-03 19:12:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36.tmp
2008-01-05 10:01:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT360.tmp
2008-01-05 10:01:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT361.tmp
2008-01-05 10:02:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT362.tmp
2008-01-05 10:02:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT363.tmp
2008-01-05 10:03:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT364.tmp
2008-01-05 10:03:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT365.tmp
2008-01-05 10:04:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT366.tmp
2008-01-05 10:04:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT367.tmp
2008-01-05 10:04:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT368.tmp
2008-01-05 10:05:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT369.tmp
2008-01-05 10:05:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36A.tmp
2008-01-05 10:06:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36B.tmp
2008-01-05 10:06:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36C.tmp
2008-01-05 10:07:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36D.tmp
2008-01-05 10:07:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36E.tmp
2008-01-05 10:07:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT36F.tmp
2008-01-03 19:15:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37.tmp
2008-01-05 10:08:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT370.tmp
2008-01-05 10:08:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT371.tmp
2008-01-05 10:09:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT372.tmp
2008-01-05 10:09:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT373.tmp
2008-01-05 10:10:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT374.tmp
2008-01-05 10:10:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT375.tmp
2008-01-05 10:11:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT376.tmp
2008-01-05 10:11:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT377.tmp
2008-01-05 10:12:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT378.tmp
2008-01-05 10:12:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT379.tmp
2008-01-05 10:12:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37A.tmp
2008-01-05 10:13:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37B.tmp
2008-01-05 10:13:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37C.tmp
2008-01-05 10:14:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37D.tmp
2008-01-05 10:15:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37E.tmp
2008-01-05 10:16:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT37F.tmp
2008-01-03 15:53:34 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38.tmp
2008-01-05 10:17:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT380.tmp
2008-01-05 10:17:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT381.tmp
2008-01-05 10:18:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT382.tmp
2008-01-05 10:18:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT383.tmp
2008-01-05 10:19:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT384.tmp
2008-01-05 10:21:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT385.tmp
2008-01-05 10:22:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT386.tmp
2008-01-05 10:24:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT387.tmp
2008-01-05 10:25:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT388.tmp
2008-01-05 10:26:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT389.tmp
2008-01-05 10:26:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38A.tmp
2008-01-05 10:28:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38B.tmp
2008-01-05 10:30:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38C.tmp
2008-01-05 10:31:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38D.tmp
2008-01-05 10:32:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38E.tmp
2008-01-05 10:34:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT38F.tmp
2008-01-03 19:17:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39.tmp
2008-01-05 10:36:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT390.tmp
2008-01-05 10:38:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT391.tmp
2008-01-05 10:40:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT392.tmp
2008-01-05 10:43:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT393.tmp
2008-01-05 10:44:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT394.tmp
2008-01-05 10:46:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT395.tmp
2008-01-05 10:47:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT396.tmp
2008-01-05 10:48:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT397.tmp
2008-01-05 10:49:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT398.tmp
2008-01-05 10:51:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT399.tmp
2008-01-05 10:52:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39A.tmp
2008-01-05 10:54:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39B.tmp
2008-01-05 10:56:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39C.tmp
2008-01-05 10:58:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39D.tmp
2008-01-05 11:00:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39E.tmp
2008-01-05 11:03:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT39F.tmp
2008-01-03 19:19:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A.tmp
2008-01-05 11:04:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A0.tmp
2008-01-05 11:06:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A1.tmp
2008-01-05 11:07:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A2.tmp
2008-01-05 11:10:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A3.tmp
2008-01-05 11:12:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A4.tmp
2008-01-05 11:14:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A5.tmp
2008-01-05 11:17:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A6.tmp
2008-01-05 11:19:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A7.tmp
2008-01-05 11:21:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A8.tmp
2008-01-05 11:23:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3A9.tmp
2008-01-05 11:25:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AA.tmp
2008-01-05 11:27:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AB.tmp
2008-01-05 11:29:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AC.tmp
2008-01-05 11:31:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AD.tmp
2008-01-05 11:33:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AE.tmp
2008-01-05 11:35:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3AF.tmp
2008-01-03 19:21:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B.tmp
2008-01-05 11:37:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B0.tmp
2008-01-05 11:39:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B1.tmp
2008-01-05 11:42:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B2.tmp
2008-01-05 11:43:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B3.tmp
2008-01-05 11:46:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B4.tmp
2008-01-05 11:48:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B5.tmp
2008-01-05 11:51:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B6.tmp
2008-01-05 11:53:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B7.tmp
2008-01-05 11:54:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B8.tmp
2008-01-05 11:57:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3B9.tmp
2008-01-05 11:58:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BA.tmp
2008-01-05 12:00:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BB.tmp
2008-01-05 12:02:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BC.tmp
2008-01-05 12:03:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BD.tmp
2008-01-05 12:04:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BE.tmp
2008-01-05 12:04:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3BF.tmp
2008-01-03 19:23:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C.tmp
2008-01-05 12:05:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C0.tmp
2008-01-05 12:05:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C1.tmp
2008-01-05 12:07:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C2.tmp
2008-01-05 12:09:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C3.tmp
2008-01-05 12:11:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C4.tmp
2008-01-05 12:14:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C5.tmp
2008-01-05 12:17:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C6.tmp
2008-01-05 12:19:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C7.tmp
2008-01-05 12:22:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C8.tmp
2008-01-05 12:24:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3C9.tmp
2008-01-05 12:26:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CA.tmp
2008-01-05 12:29:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CB.tmp
2008-01-05 12:31:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CC.tmp
2008-01-05 12:33:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CD.tmp
2008-01-05 12:34:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CE.tmp
2008-01-05 12:35:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3CF.tmp
2008-01-03 19:24:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D.tmp
2008-01-05 12:35:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D0.tmp
2008-01-05 12:36:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D1.tmp
2008-01-05 12:37:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D2.tmp
2008-01-05 12:39:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D3.tmp
2008-01-05 12:39:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D4.tmp
2008-01-05 12:44:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D5.tmp
2008-01-05 12:46:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D6.tmp
2008-01-05 12:47:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D7.tmp
2008-01-05 12:48:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D8.tmp
2008-01-05 12:56:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3D9.tmp
2008-01-05 12:57:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3DA.tmp
2008-01-05 12:58:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3DC.tmp
2008-01-05 12:59:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3DE.tmp
2008-01-05 12:59:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3DF.tmp
2008-01-01 21:54:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E.tmp
2008-01-05 13:01:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E0.tmp
2008-01-05 13:02:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E1.tmp
2008-01-05 13:03:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E2.tmp
2008-01-05 13:04:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E3.tmp
2008-01-05 13:06:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E4.tmp
2008-01-05 13:07:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E5.tmp
2008-01-05 13:08:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E6.tmp
2008-01-05 13:10:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E7.tmp
2008-01-05 13:12:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E8.tmp
2008-01-05 13:14:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3E9.tmp
2008-01-05 13:16:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3EA.tmp
2008-01-05 13:18:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3EB.tmp
2008-01-05 13:21:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3EC.tmp
2008-01-05 13:23:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3ED.tmp
2008-01-05 13:25:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3EE.tmp
2008-01-05 13:28:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3EF.tmp
2008-01-03 19:25:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F.tmp
2008-01-05 13:30:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F0.tmp
2008-01-05 13:32:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F1.tmp
2008-01-05 13:34:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F2.tmp
2008-01-05 13:35:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F3.tmp
2008-01-05 13:36:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F4.tmp
2008-01-05 13:38:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F5.tmp
2008-01-05 13:39:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F6.tmp
2008-01-05 13:41:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F7.tmp
2008-01-05 13:43:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F8.tmp
2008-01-05 13:44:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3F9.tmp
2008-01-05 13:46:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FA.tmp
2008-01-05 13:48:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FB.tmp
2008-01-05 13:50:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FC.tmp
2008-01-05 13:52:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FD.tmp
2008-01-05 13:53:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FE.tmp
2008-01-05 13:55:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT3FF.tmp
2008-01-03 19:26:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40.tmp
2008-01-05 13:56:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT400.tmp
2008-01-05 13:58:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT401.tmp
2008-01-05 13:59:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT402.tmp
2008-01-05 14:00:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT403.tmp
2008-01-05 14:01:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT404.tmp
2008-01-05 14:03:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT405.tmp
2008-01-05 14:04:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT406.tmp
2008-01-05 14:06:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT407.tmp
2008-01-05 14:08:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT408.tmp
2008-01-05 14:10:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT409.tmp
2008-01-05 14:13:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40A.tmp
2008-01-05 14:17:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40B.tmp
2008-01-05 14:20:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40C.tmp
2008-01-05 14:24:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40D.tmp
2008-01-05 14:28:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40E.tmp
2008-01-05 14:31:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT40F.tmp
2008-01-03 19:27:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41.tmp
2008-01-05 14:35:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT410.tmp
2008-01-05 14:38:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT411.tmp
2008-01-05 14:41:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT412.tmp
2008-01-05 14:44:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT413.tmp
2008-01-05 14:49:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT414.tmp
2008-01-05 14:52:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT415.tmp
2008-01-05 14:55:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT416.tmp
2008-01-05 14:58:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT417.tmp
2008-01-05 15:01:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT418.tmp
2008-01-05 15:04:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT419.tmp
2008-01-05 15:08:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41A.tmp
2008-01-05 15:12:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41B.tmp
2008-01-05 15:14:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41C.tmp
2008-01-05 15:17:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41D.tmp
2008-01-05 15:20:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41E.tmp
2008-01-05 16:03:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT41F.tmp
2008-01-03 19:29:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42.tmp
2008-01-05 16:04:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT420.tmp
2008-01-05 16:04:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT421.tmp
2008-01-05 16:05:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT422.tmp
2008-01-05 16:06:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT423.tmp
2008-01-05 16:06:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT424.tmp
2008-01-05 16:07:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT425.tmp
2008-01-05 16:08:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT426.tmp
2008-01-05 16:09:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT427.tmp
2008-01-05 16:09:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT428.tmp
2008-01-05 16:10:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT429.tmp
2008-01-05 16:11:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42A.tmp
2008-01-05 16:12:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42B.tmp
2008-01-05 16:12:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42C.tmp
2008-01-05 16:13:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42D.tmp
2008-01-05 16:14:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42E.tmp
2008-01-05 16:14:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT42F.tmp
2008-01-03 19:32:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43.tmp
2008-01-05 16:14:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT430.tmp
2008-01-05 16:15:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT431.tmp
2008-01-05 16:15:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT432.tmp
2008-01-05 16:16:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT433.tmp
2008-01-05 16:16:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT434.tmp
2008-01-05 16:17:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT435.tmp
2008-01-05 16:17:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT436.tmp
2008-01-05 16:18:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT437.tmp
2008-01-05 16:18:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT438.tmp
2008-01-05 16:19:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT439.tmp
2008-01-05 16:19:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43A.tmp
2008-01-05 16:20:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43C.tmp
2008-01-05 16:20:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43D.tmp
2008-01-05 16:21:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43E.tmp
2008-01-05 16:22:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT43F.tmp
2008-01-03 18:37:12 318649 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44.tmp
2008-01-05 16:22:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT440.tmp
2008-01-05 16:23:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT441.tmp
2008-01-05 16:23:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT442.tmp
2008-01-05 16:24:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT443.tmp
2008-01-05 16:24:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT444.tmp
2008-01-05 16:25:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT445.tmp
2008-01-05 16:26:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT446.tmp
2008-01-05 16:26:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT447.tmp
2008-01-05 16:27:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT448.tmp
2008-01-05 16:28:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT449.tmp
2008-01-05 16:29:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44A.tmp
2008-01-05 16:29:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44B.tmp
2008-01-05 16:30:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44C.tmp
2008-01-05 16:30:37 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44D.tmp
2008-01-05 16:31:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44E.tmp
2008-01-05 16:31:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT44F.tmp
2008-01-03 19:34:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT45.tmp
2008-01-05 16:32:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT450.tmp
2008-01-05 16:33:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT451.tmp
2008-01-05 16:33:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT452.tmp
2008-01-05 16:33:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT453.tmp
2008-01-05 16:34:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT454.tmp
2008-01-03 19:38:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT46.tmp
2008-01-03 19:41:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT47.tmp
2008-01-03 19:43:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT48.tmp
2008-01-03 19:46:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT49.tmp
2008-01-03 19:49:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4A.tmp
2008-01-03 19:51:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4B.tmp
2008-01-05 20:14:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4C.tmp
2008-01-03 19:55:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4D.tmp
2008-01-03 19:57:52 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4E.tmp
2008-01-03 20:00:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT4F.tmp
2007-12-28 17:11:23 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5.tmp
2008-01-03 20:02:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT50.tmp
2008-01-03 20:04:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT51.tmp
2008-01-03 20:05:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT52.tmp
2008-01-03 20:07:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT53.tmp
2008-01-03 20:08:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT54.tmp
2008-01-03 20:10:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT55.tmp
2008-01-03 20:12:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT56.tmp
2008-01-03 20:13:58 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT57.tmp
2008-01-03 20:15:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT58.tmp
2008-01-03 20:16:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT59.tmp
2008-01-03 20:18:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5A.tmp
2008-01-03 20:20:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5B.tmp
2008-01-03 20:22:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5C.tmp
2008-01-03 20:24:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5D.tmp
2008-01-03 20:26:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5E.tmp
2008-01-03 20:27:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT5F.tmp
2008-01-05 16:34:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6.tmp
2008-01-03 20:29:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT60.tmp
2008-01-03 20:31:15 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT61.tmp
2008-01-03 20:32:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT62.tmp
2008-01-03 20:34:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT63.tmp
2008-01-03 20:35:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT64.tmp
2008-01-03 20:37:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT65.tmp
2008-01-03 20:41:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT66.tmp
2008-01-03 20:42:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT67.tmp
2008-01-03 20:44:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT68.tmp
2008-01-03 20:45:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT69.tmp
2008-01-03 20:47:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6A.tmp
2008-01-03 20:49:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6B.tmp
2008-01-03 20:50:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6C.tmp
2008-01-03 20:52:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6D.tmp
2008-01-03 20:54:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6E.tmp
2008-01-05 20:16:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT6F.tmp
2007-12-25 20:34:29 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7.tmp
2008-01-03 20:57:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT70.tmp
2008-01-03 20:59:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT71.tmp
2008-01-03 21:00:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT72.tmp
2008-01-03 21:01:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT73.tmp
2008-01-03 21:03:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT74.tmp
2008-01-03 21:04:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT75.tmp
2008-01-03 21:06:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT76.tmp
2008-01-03 21:07:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT77.tmp
2008-01-04 05:34:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT78.tmp
2008-01-04 05:35:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT79.tmp
2008-01-04 05:35:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7A.tmp
2008-01-04 05:36:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7B.tmp
2008-01-04 05:41:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7C.tmp
2008-01-04 05:42:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7D.tmp
2008-01-04 05:43:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7E.tmp
2008-01-04 05:44:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT7F.tmp
2007-12-25 20:52:12 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8.tmp
2008-01-04 05:45:07 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT80.tmp
2008-01-04 05:46:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT81.tmp
2008-01-04 05:47:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT82.tmp
2008-01-04 05:48:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT83.tmp
2008-01-04 05:49:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT84.tmp
2008-01-04 05:50:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT85.tmp
2008-01-04 05:51:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT86.tmp
2008-01-04 05:52:31 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT87.tmp
2008-01-05 20:17:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT88.tmp
2008-01-05 20:18:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT89.tmp
2008-01-05 20:19:48 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8A.tmp
2008-01-05 19:28:18 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8B.tmp
2008-01-04 05:57:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8C.tmp
2008-01-04 05:58:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8D.tmp
2008-01-04 05:59:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8E.tmp
2008-01-04 06:00:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT8F.tmp
2008-01-05 18:53:58 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9.tmp
2008-01-04 06:01:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT90.tmp
2008-01-04 06:02:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT91.tmp
2008-01-04 06:03:45 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT92.tmp
2008-01-04 06:04:46 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT93.tmp
2008-01-04 06:05:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT94.tmp
2008-01-04 06:06:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT95.tmp
2008-01-04 06:07:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT96.tmp
2008-01-04 06:08:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT97.tmp
2008-01-04 06:10:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT98.tmp
2008-01-04 06:11:01 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT99.tmp
2008-01-04 06:12:02 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9A.tmp
2008-01-04 06:13:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9B.tmp
2008-01-04 06:14:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9C.tmp
2008-01-04 06:15:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9D.tmp
2008-01-04 06:16:03 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9E.tmp
2008-01-04 06:17:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BIT9F.tmp
2007-12-25 18:33:35 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA.tmp
2008-01-04 06:17:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA0.tmp
2008-01-04 06:18:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA1.tmp
2008-01-04 06:19:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA2.tmp
2008-01-04 06:20:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA3.tmp
2008-01-04 06:20:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA4.tmp
2008-01-04 06:21:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA5.tmp
2008-01-04 06:22:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA6.tmp
2008-01-04 06:23:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA7.tmp
2008-01-04 06:23:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA8.tmp
2008-01-04 06:24:40 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITA9.tmp
2008-01-04 06:25:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAA.tmp
2008-01-04 06:25:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAB.tmp
2008-01-04 06:26:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAC.tmp
2008-01-04 06:26:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAD.tmp
2008-01-04 06:27:22 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAE.tmp
2008-01-04 06:27:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITAF.tmp
2008-01-05 12:49:44 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB.tmp
2008-01-04 06:28:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB0.tmp
2008-01-04 06:29:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB1.tmp
2008-01-04 06:29:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB2.tmp
2008-01-04 06:30:26 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB3.tmp
2008-01-04 06:31:24 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB4.tmp
2008-01-04 06:32:11 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB5.tmp
2008-01-04 06:32:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB6.tmp
2008-01-04 06:33:12 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB7.tmp
2008-01-04 06:33:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB8.tmp
2008-01-04 06:34:19 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITB9.tmp
2008-01-04 06:35:10 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBA.tmp
2008-01-04 06:35:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBB.tmp
2008-01-04 06:36:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBC.tmp
2008-01-04 06:38:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBD.tmp
2008-01-04 06:39:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBE.tmp
2008-01-04 06:39:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITBF.tmp
2008-01-04 06:40:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC0.tmp
2008-01-04 06:40:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC1.tmp
2008-01-04 06:41:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC2.tmp
2008-01-04 06:42:56 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC3.tmp
2008-01-04 06:44:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC4.tmp
2008-01-04 06:44:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC5.tmp
2008-01-04 06:45:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC6.tmp
2008-01-04 06:46:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC7.tmp
2008-01-04 06:47:48 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC8.tmp
2008-01-04 06:48:50 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITC9.tmp
2008-01-04 06:50:06 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCA.tmp
2008-01-04 06:51:20 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCB.tmp
2008-01-04 06:52:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCC.tmp
2008-01-04 06:53:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCD.tmp
2008-01-04 06:54:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCE.tmp
2008-01-04 06:54:38 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITCF.tmp
2008-01-06 08:19:29 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD.tmp
2008-01-04 06:55:16 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD0.tmp
2008-01-04 06:55:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD1.tmp
2008-01-04 06:56:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD2.tmp
2008-01-04 06:57:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD3.tmp
2008-01-04 06:58:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD4.tmp
2008-01-04 06:58:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD5.tmp
2008-01-04 06:59:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD6.tmp
2008-01-04 07:00:28 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD7.tmp
2008-01-04 07:01:32 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD8.tmp
2008-01-04 07:02:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITD9.tmp
2008-01-04 07:03:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDA.tmp
2008-01-04 07:04:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDB.tmp
2008-01-04 07:05:36 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDC.tmp
2008-01-04 07:06:17 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDD.tmp
2008-01-04 07:06:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDE.tmp
2008-01-04 07:07:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITDF.tmp
2008-01-05 20:12:43 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE.tmp
2008-01-04 07:07:54 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE0.tmp
2008-01-04 07:08:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE1.tmp
2008-01-04 07:09:09 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE2.tmp
2008-01-04 07:09:57 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE3.tmp
2008-01-04 07:10:49 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE4.tmp
2008-01-04 07:11:34 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE5.tmp
2008-01-04 07:12:18 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE6.tmp
2008-01-04 07:12:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE7.tmp
2008-01-04 07:13:21 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE8.tmp
2008-01-04 07:13:51 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITE9.tmp
2008-01-04 07:14:27 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITEA.tmp
2008-01-04 07:14:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITEB.tmp
2008-01-04 07:15:30 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITEC.tmp
2008-01-04 07:16:00 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITED.tmp
2008-01-04 07:16:33 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITEE.tmp
2008-01-04 07:17:14 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITEF.tmp
2008-01-06 08:14:50 85946 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF.tmp
2008-01-04 07:18:04 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF0.tmp
2008-01-04 07:19:13 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF1.tmp
2008-01-04 07:19:43 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF2.tmp
2008-01-04 07:20:29 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF3.tmp
2008-01-04 07:21:35 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF4.tmp
2008-01-04 07:22:39 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF5.tmp
2008-01-04 07:23:53 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF6.tmp
2008-01-04 07:24:47 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF7.tmp
2008-01-04 07:25:55 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF8.tmp
2008-01-04 07:27:05 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITF9.tmp
2008-01-04 07:28:23 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFA.tmp
2008-01-04 07:29:25 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFB.tmp
2008-01-04 07:30:41 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFC.tmp
2008-01-04 07:31:42 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFD.tmp
2008-01-04 07:32:59 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFE.tmp
2008-01-04 07:34:08 0 --ah----- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\BITFF.tmp
2007-12-29 16:08:22 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\c72a_appcompat.txt
2007-12-29 21:53:52 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\ce45_appcompat.txt
2007-12-28 21:38:46 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\d0ee_appcompat.txt
2007-12-29 23:23:41 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\e36f_appcompat.txt
2008-01-04 09:17:30 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\e5a4_appcompat.txt
2007-12-30 09:41:30 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\f401_appcompat.txt
2007-12-31 17:11:06 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\f92_appcompat.txt
2008-01-02 08:30:30 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\fab2_appcompat.txt
2007-12-30 20:51:21 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\fd28_appcompat.txt
2008-01-04 11:00:37 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\fdb1_appcompat.txt
2008-01-03 21:18:21 50204 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\ff54_appcompat.txt
2007-12-28 12:20:26 0 d-------- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\Google Toolbar
2007-12-29 11:37:36 0 d-------- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\hsperfdata_Sherri Budworth
2007-12-29 10:57:07 416 --a------ C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\java_install_reg.log
2007-12-29 12:39:59 0 d-------- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\KAV Updater update files
2007-12-30 09:41:09 0 d-------- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\WER7c84.dir00
2008-01-06 08:13:51 0 d-------- C:\DOCUME~1\SHERRI~1\LOCALS~1\Temp\WPDNSE
2007-12-29 15:11:09 0 d--hs---- C:\WINDOWS\temp\Cookies
2007-12-29 15:11:09 0 d--hs---- C:\WINDOWS\temp\History
2007-12-28 11:07:41 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2007-12-29 15:11:09 0 d--hs---- C:\WINDOWS\temp\Temporary Internet Files
2008-01-06 08:13:27 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-01-06 08:14:32 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2007-09-04 15:59:42 380144 --a------ C:\WINDOWS\Downloaded Program Files\sabspx.dll <Verified; SuperAdBlocker.com; Process Scanner>

-*- End of Logfile -*-
_______________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:40 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Sherri Budworth\Local Settings\Temp\{DD98EFCB-9EDE-4335-936D-9DD524DF3585}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9602 bytes

#12 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 06 January 2008 - 08:46 PM

Hello Ocotillo,

It seems to me that the registry is corrupted, the Add/Remove Programs list is missing a lot of entries, I see only recently installed programs and that is a problem.

I need to see what is everything under uninstall key, so follow these steps:

Click start > Run - type in empty runbox cmd press OK. The cmd window should open. Copy&paste the following line in there:
reg save HKLM\Software\microsoft\windows\currentversion\uninstall c:\export.hiv
Right click on the cmd window and choose paste.
Press Enter.
(If you cant paste the above line then, type it into the cmd window and press enter)
When done, you will see this "The operation completed successfully"
It should look like shown in the screenshot:

Posted Image


Close cmd.

Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=29
and fill in the required fields, then Browse for this filename: c:\export.hiv
Click on the Send File button.

Let me know when you do that, also if you encounter any problems.

Regards,
SNOWHITE
Posted Image

#13 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 06 January 2008 - 10:12 PM

Snowhite,

File posted under this topic heading, no problems that I could see. Thanks once again.

Ocotillo

#14 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:57 PM

Posted 10 January 2008 - 03:07 PM

Hello Ocotillo,

I have some bad news for you, it seems that something is really wrong with your registry. I see that you have a lot of programs installed in your computer but the problem is that they don't show up in your uninstall list meaning their registry is missing, only the latest programs that we installed are showing up. I was trying to find if there is a way for fixing this but it seems its not going to be easy and might need a lot of work to at least fix some entries which is not enough for the computer to function right. You can try searching the uninstalls for programs, then uninstall them and re-install, which needs a lot work and probably you will not be able to find all of them. The other ways are if you try using system restore and go back to a point where the registry was not corrupted (if there is one), or make a back up of important data you have on the computer then make clean reinstall of windows which i think might be the best choice. Let me know what you think about this.

Regards,
SNOWHITE
Posted Image

#15 Ocotillo

Ocotillo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 12 January 2008 - 11:48 AM

My thanks Snowhite.

I had a feeling this might be the case. I'll see what restore points are available and give that a try. Failing that, I'll just reformat and reinstall the system and software.

Best regards,

Ocotillo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users