Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked Browser Search Results in IE & Ffox


  • This topic is locked This topic is locked
48 replies to this topic

#1 melbasher

melbasher

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 17 February 2009 - 04:49 PM

About a week ago I ran a Google search in an old copy of Netscape 7.2. When I clicked on the result I wanted, Netscape crashed, as often happens with the old browser. I opened IE and ran the same Google search. I immediately noticed the search results were not the same as what just resulted using Netscape, and were returning links that appeared to be shopping and antiviral realted. I did not click on any of the links. I reopened Netscape and ran the search again to verify the difference in results, and confirmed same. Since then I have tried multiple spyware and malware removal tools. A few threats were found, but all scans now come out clean and yet the IE search results are still being hijacked. I downloaded Firefox today, hoping to use it as an alternative, and at some point noticed the same thing happening with the search results, yet the old Netscape still seems unaffected. I can provide logs from recent scans using: Malwarebytes, Super Antispyware, and Panda Active Scan if necessary. I need help, please!!!


DDS (Ver_09-02-01.01) - NTFSx86
Run by sherry at 16:07:14.14 on Tue 02/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1475 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\TelemetDataSource\TelemetQuoteService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\sherry\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title =
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [LANMessage] "f:\shared downloads\LANMessage.exe" Silent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FinishOptions] c:\docume~1\sherry\locals~1\temp\hpbinxst.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks basic\components\qbagent\qbdagent2002.exe
mPolicies-explorer: <NO NAME> =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4CB3C837-368E-4258-BF8F-E12317BF8AD4} - hxxp://www.tfservicecenter.com/TONEUpgradeFiles/090608/sysreqs.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233066696152
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233066685733
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} - hxxp://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://friag.webex.com/client/T25L/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {89C3331E-D53C-40E4-BB5A-8698CB2078D4} = 192.168.240.3,64.94.156.1
TCP: {E916002E-40BA-469D-BB01-CB52B01EF1D4} = 192.168.240.3,64.94.156.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sherry\applic~1\mozilla\firefox\profiles\hy4hutjd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-13 28544]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 4096]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-5-31 3968]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 204800]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-1 47640]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1829616]
R2 TelemetQuoteService;TelemetQuoteService;c:\telemetdatasource\TelemetQuoteService.exe [2007-4-4 466944]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-6-1 3379264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060727.019\naveng.sys [2006-7-27 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060727.019\navex15.sys [2006-7-27 828808]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-1 12856]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1079176]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Net Agent;Net Agent;c:\windows\dls0523pmw.exe --> c:\windows\dls0523pmw.exe [?]

=============== Created Last 30 ================

2009-02-17 13:47 <DIR> --d----- C:\VundoFix Backups
2009-02-17 12:29 <DIR> --d----- c:\program files\common files\xing shared
2009-02-17 11:26 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 11:26 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 11:26 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 11:26 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 11:26 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 11:26 <DIR> --d----- c:\docume~1\sherry\applic~1\PC Tools
2009-02-17 11:25 <DIR> --d----- c:\temp\google
2009-02-17 11:25 <DIR> --d----- c:\windows\system32\runtime
2009-02-13 17:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-13 17:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-13 16:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-13 16:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-13 16:17 <DIR> --d----- c:\docume~1\sherry\applic~1\SUPERAntiSpyware.com
2009-02-13 16:16 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-13 11:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-13 11:36 <DIR> --d----- c:\program files\Panda Security
2009-02-13 10:36 <DIR> --d----- C:\Tools
2009-02-13 10:34 <DIR> --d----- c:\windows\pss
2009-02-12 17:14 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-12 17:14 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-12 17:14 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-12 17:14 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-12 17:14 <DIR> --d----- C:\34b11c23b5d616058588c9d6d6
2009-02-12 17:13 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-12 16:37 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-02-12 16:37 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-12 16:37 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-12 16:37 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-12 16:37 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-12 16:36 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-12 16:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-12 16:36 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-02-12 16:36 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-12 16:36 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-12 16:36 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-02-12 16:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-12 16:34 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-02-12 15:43 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-02-12 15:43 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-02-12 15:42 10,752 -------- c:\windows\system32\smtpapi.dll
2009-02-12 15:42 9,728 -------- c:\windows\system32\rwnh.dll
2009-02-12 15:42 19,569 a------- c:\windows\003482_.tmp
2009-02-12 14:52 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-02-12 14:52 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-02-12 14:52 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-02-12 14:52 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-02-12 14:52 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-02-12 14:50 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-02-12 14:49 6,144 ac------ c:\windows\system32\dllcache\kbdinpun.dll
2009-02-12 14:48 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-02-12 14:47 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-02-12 14:47 49,664 ac------ c:\windows\system32\dllcache\adrot.dll
2009-02-12 14:47 6,144 ac------ c:\windows\system32\dllcache\admxprox.dll
2009-02-12 14:47 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-02-12 14:47 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-02-12 14:47 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-02-12 14:47 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-02-12 14:47 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-02-12 14:47 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-02-12 14:47 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-02-12 14:47 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-02-12 14:43 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-12 14:43 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-02-12 14:43 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-12 14:43 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-02-12 14:43 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-02-12 14:43 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-02-12 14:42 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-02-12 14:33 588 a------- c:\windows\system32\settingsbkup.sfm
2009-02-12 14:33 588 a------- c:\windows\system32\settings.sfm
2009-02-12 14:25 13,753 a----r-- c:\windows\SETB5.tmp
2009-02-12 14:25 1,086,058 a----r-- c:\windows\SETA9.tmp
2009-02-12 14:25 1,042,903 a----r-- c:\windows\SETA6.tmp
2009-02-12 12:49 0 a------- c:\windows\system32\8104297.jun
2009-02-12 12:49 <DIR> --d----- c:\program files\Browser Hijack Recover
2009-02-12 11:45 <DIR> --d----- c:\program files\Trend Micro
2009-02-12 10:30 62,372 a------- c:\windows\setupapi.old
2009-02-12 09:57 <DIR> --d----- c:\program files\CCleaner
2009-02-12 09:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-12 09:12 <DIR> --d----- c:\windows\dell
2009-02-12 09:12 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-12 09:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-12 09:10 <DIR> --d----- c:\program files\Lavasoft
2009-02-11 13:51 <DIR> --d----- c:\docume~1\sherry\applic~1\Malwarebytes
2009-02-11 13:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-11 13:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-11 13:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 11:49 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-27 10:34 23,576 a------- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-02-17 11:43 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-02-12 16:19 89,651 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-12 14:40 23,680 a------- c:\windows\system32\emptyregdb.dat
2008-08-19 14:47 69,960 a------- c:\docume~1\sherry\applic~1\GDIPFONTCACHEV1.DAT
2008-08-13 14:39 630,784 a------- c:\documents and settings\sherry\GoToAssist_chat2way__320_en.exe
2007-12-23 08:58 140,824 a------- c:\program files\common files\secman.dll

============= FINISH: 16:07:43.40 ===============


Thank you!!

-Sherry

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 26 February 2009 - 01:36 PM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 26 February 2009 - 02:48 PM

Hi-

Thank you SO much for your response. I still need help!! I've just patiently bided my time, and have not done anything else to the computer. However, now I can't seem to run the DDS utility! I tried downloading it again to make sure the file was not corrupt, but it's still not running. It's flickers to the black box and quits. Any suggestions? I won't try anything else until I hear back from you.

Thanks.

-Sherry

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 27 February 2009 - 04:21 AM

Hi

Close down Norton, Spybot, Ad-Aware and Spysweeper before running dds. There should be an icon for each in system tray lower right corner.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 27 February 2009 - 09:48 AM

I did that already, but tried again, and still nothing. What else can I try??

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 27 February 2009 - 12:38 PM

Hi

Are you sure it didn't generate a log already? Could you check if you can find dds.txt file which creation date corresponds the time you ran DDS?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 27 February 2009 - 02:42 PM

I did a search and didn't turn up any text files since my original log from the 17th. I even renamed that one before I tried running the utility again. However, something came up in the search with an IE logo and the location just listed as "My Computer." The properties show the following:

Type: Internet shortcut
file:///C:/Documents%2520and%2520Settings/sherry/Desktop/DDS.txt
Last visited: 02/27/2009 2:18pm
Times visited: 5

I've attached a screenshot to show you what it looks like. It looks odd to me.

Let me know what you make of it. Thanks!
-Sherry

Attached Files



#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 27 February 2009 - 03:18 PM

Hi

Let's make sure you make it correcly.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post dds.txt contents back to your topic.
If that still doesn't work rename the file to something else and try running it.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 27 February 2009 - 03:34 PM

Still not working. (btw, the first link was not valid) I downloaded it from the second link, it still did not work. I downloaded it again and saved it as "test.scr" and it still didn't work. Same thing happens: the black box pops up and closes immediately. I had no problems running this originally on the 17th, so I do not know why it won't run now. I have disabled everything I know of that could be blocking the script. I haven't installed anything new since my original log either. I looked at the list of running processes in the task manager, and nothing is jumping out at me. I'm pretty much at a loss! Is there any other log I can upload that might be useful? I appreciate your help...this is so frustrating to deal with!

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 27 February 2009 - 03:47 PM

Hi

Let's try another tool then.

Please download OTListIt2
Save it to the Desktop
  • Close all windows and double-click on the OTListIt.exe file
  • OK any warning about running OTListIt.
  • Place a check in the Scan All Users checkbox
  • Click the Run Scan button
  • When the scan is complete, two text files are produced on the Desktop: OTListIt.txt , and Extras.txt
Please post the OTListIt.txt and Extras.txt in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 27 February 2009 - 04:19 PM

Hi-

This tool ran okay. Below are the two log files created. In the meantime, by a fluke, I found that some of my issues could possibly be related to "google query suggestions." I turned this preference off, and things seem better with my browser searches. It's odd since the problem occured with other search engines as well, but seems fine now. I'm not ready to believe that was the entire issue, so let's carry on!

OTListIt.txt:

OTListIt logfile created on: 2/27/2009 3:56:09 PM - Run
OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 5.19 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
Drive G: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 29.40 Gb Total Space | 25.13 Gb Free Space | 85.47% Space Free | Partition Type: NTFS
Drive M: | 220.12 Gb Total Space | 215.60 Gb Free Space | 97.94% Space Free | Partition Type: NTFS
Drive O: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
Drive P: | 220.12 Gb Total Space | 215.60 Gb Free Space | 97.94% Space Free | Partition Type: NTFS

Computer Name: SHERRY
Current User Name: sherry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/07/21 16:26:36 | 00,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/02/23 10:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006/09/28 09:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/04/10 17:44:04 | 00,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/06/15 00:41:08 | 01,829,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/21 09:09:50 | 00,466,944 | ---- | M] (Telemet America, Inc) -- C:\TelemetDataSource\TelemetQuoteService.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2000/10/26 15:22:00 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hpnra.exe
PRC - [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
PRC - [2007/09/07 15:55:08 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/01/17 13:03:06 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2002/02/15 11:31:42 | 00,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/07/21 16:28:02 | 00,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/02/22 01:24:32 | 00,315,392 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
PRC - [2007/09/07 15:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2009/02/27 15:54:45 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/10/03 16:11:08 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/07/21 16:26:36 | 00,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service [Auto | Running])
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/23 10:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2006/09/28 09:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/17 11:24:24 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/07 15:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/12 09:11:35 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2006/02/23 10:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/18 07:57:02 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Stopped])
SRV - [2007/04/17 13:03:50 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Stopped])
SRV - File not found -- -- (Net Agent [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/05/03 12:29:42 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/02/17 11:59:12 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2006/01/24 19:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2006/06/15 00:41:08 | 01,829,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/09/21 09:09:50 | 00,466,944 | ---- | M] (Telemet America, Inc) -- C:\TelemetDataSource\TelemetQuoteService.exe -- (TelemetQuoteService [Auto | Running])
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 05:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2002/04/08 10:05:52 | 00,295,168 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys -- (ati2mtaa [On_Demand | Stopped])
DRV - [2005/07/22 11:17:42 | 00,051,392 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS -- (ATNT40K [Auto | Running])
DRV - [2006/09/28 09:13:34 | 00,004,096 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2006/09/05 11:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/04/10 17:48:04 | 00,236,032 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/04 05:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/05/16 09:24:36 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\Drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
DRV - [2003/09/22 07:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2002/04/10 18:01:12 | 00,024,554 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
DRV - [2002/04/30 13:53:08 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/05/26 21:31:20 | 00,324,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2009/02/17 11:58:56 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
DRV - [2009/02/17 11:58:57 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [On_Demand | Stopped])
DRV - [2009/02/17 11:58:57 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
DRV - [2009/02/12 09:11:42 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/02/28 14:31:50 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Stopped])
DRV - [2007/04/17 13:00:28 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMImirr.sys -- (LMImirr [On_Demand | Running])
DRV - [2008/10/18 07:56:51 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/10/18 07:56:52 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2002/04/10 18:01:00 | 00,029,638 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/07/21 18:06:09 | 00,079,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060727.019\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2006/07/21 18:05:53 | 00,828,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060727.019\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/05/03 12:30:08 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/22 07:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Stopped])
DRV - [2003/09/22 11:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X [On_Demand | Stopped])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/04/10 18:00:44 | 00,117,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2008/02/22 21:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2003/10/13 00:29:00 | 00,066,688 | R--- | M] (NETGEAR ) -- C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS -- (RTL8023 [On_Demand | Running])
DRV - [2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2005/12/19 19:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2005/12/19 19:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 03:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/04/11 16:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2004/08/04 05:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2006/05/05 15:19:50 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [Disabled | Running])
DRV - [2006/01/24 19:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2006/01/24 19:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2004/08/04 05:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2004/08/04 05:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2002/04/10 17:45:16 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2004/08/04 05:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-602162358-725345543-1110\S-1-5-21-1715567821-602162358-725345543-1110\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - presf.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/02/12 17:18:38 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c} -> %AllUsersProfile%\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C} [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}] -> [2009/02/17 11:25:49 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2009/02/17 12:29:21 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/17 15:08:08 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/17 12:31:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Components -> %ProgramFiles%\NETSCAPE\NETSCAPE\COMPONENTS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS] -> [2009/02/17 13:41:02 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Plugins -> %ProgramFiles%\NETSCAPE\NETSCAPE\PLUGINS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS] -> [2009/02/17 12:31:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components -> %ProgramFiles%\NETSCAPE\NETSCAPE\COMPONENTS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS] -> [2009/02/17 13:41:02 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins -> %ProgramFiles%\NETSCAPE\NETSCAPE\PLUGINS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS] -> [2009/02/17 12:31:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components -> %ProgramFiles%\NETSCAPE\NETSCAPE\COMPONENTS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS] -> [2009/02/17 13:41:02 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins -> %ProgramFiles%\NETSCAPE\NETSCAPE\PLUGINS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS] -> [2009/02/17 12:31:43 00,000,000 | ---D | M]
FF - C:\Documents and Settings\sherry\Application Data\mozilla\Extensions [2009/02/17 15:08:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\sherry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/17 15:08:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\sherry\Application Data\mozilla\Firefox\Profiles\hy4hutjd.default\extensions [2009/02/17 15:09:59 00,000,000 | ---D | M]
FF - C:\Documents and Settings\sherry\Application Data\mozilla\Firefox\Profiles\hy4hutjd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/02/17 15:09:58 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/17 11:25:42 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/17 11:25:42 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1715567821-602162358-725345543-1110\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1715567821-602162358-725345543-1110\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
O4 - HKLM..\Run: [BCMSMMSG] BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup (Creative Technology Ltd)
O4 - HKLM..\Run: [FinishOptions] C:\DOCUME~1\sherry\LOCALS~1\Temp\hpbinxst.exe File not found
O4 - HKLM..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LANMessage] "F:\Shared Downloads\LANMessage.exe" Silent (DimaWare)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" (Musicmatch Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1715567821-602162358-725345543-1110..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer Networking Limited)
O4 - HKU\S-1-5-21-1715567821-602162358-725345543-1110..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} https://vmodlms.widerthanam.com/component/VZWDLManager.cab (DLManager Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4CB3C837-368E-4258-BF8F-E12317BF8AD4} http://www.tfservicecenter.com/TONEUpgrade...608/sysreqs.cab (CSysReqs Object)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1233066696152 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233066685733 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.3.1_09)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} http://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx (SketchCtl.Pic1)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://friag.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{89C3331E-D53C-40E4-BB5A-8698CB2078D4}\\NameServer = 192.168.240.3,64.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E916002E-40BA-469D-BB01-CB52B01EF1D4}\\NameServer = 192.168.240.3,64.94.156.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1996/12/24 18:58:32 | 00,019,456 | ---- | M] () - K:\AUTOLOG.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/30 23:51:14 | 02,895,872 | ---- | M] (Baseline) - K:\AutoQL.exe -- [ NTFS ]
O32 - AutoRun File - [2009/02/02 12:19:41 | 00,069,890 | ---- | M] () - K:\AUTOQUES.INI -- [ NTFS ]
O32 - AutoRun File - [2009/01/02 10:35:03 | 00,070,406 | ---- | M] () - K:\AUTOQUES.OLD -- [ NTFS ]
O32 - AutoRun File - [2007/06/15 14:36:55 | 00,000,415 | ---- | M] () - K:\AUTORUN.INI -- [ NTFS ]
O32 - AutoRun File - [1998/06/15 09:46:38 | 00,011,376 | ---- | M] (Baseline Financial Services) - K:\AUTOUP.EXE -- [ NTFS ]
O32 - AutoRun File - [1999/07/07 13:41:22 | 00,032,768 | ---- | M] (Baseline Financial Services) - K:\AUTOUP32.EXE -- [ NTFS ]
O32 - AutoRun File - [1999/05/19 10:01:14 | 00,028,672 | ---- | M] (Baseline Financial Services) - K:\AUTOUPX.EXE -- [ NTFS ]
O33 - MountPoints2\{8dbd7f84-a697-11dd-bf1e-0007e9b7dfae}\Shell\AutoRun\command - "" = E:\start.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/02/27 15:54:47 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTListIt2.exe
[2009/02/27 15:19:37 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\sherry\Desktop\test.scr
[2009/02/27 14:28:19 | 08,066,405 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\ScreenShot022709.rtf
[2009/02/25 17:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2009/02/24 12:34:36 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\MooGuide.doc
[2009/02/20 11:04:04 | 00,198,144 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\Copy of HI3H JANUARY 2009 RECON.xls
[2009/02/18 17:08:35 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\diana_thank you card_cover.pub
[2009/02/18 16:26:30 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\ibew38values.xls
[2009/02/18 15:33:08 | 01,189,376 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\ibew38 Performance Review 2-09.pub
[2009/02/18 15:32:09 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\ibew38numbers.xls
[2009/02/18 10:54:40 | 00,099,840 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\tin labels.dot
[2009/02/17 15:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sherry\Local Settings\Application Data\Mozilla
[2009/02/17 13:47:26 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/17 12:31:44 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/02/17 12:29:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/02/17 12:29:21 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/02/17 11:26:55 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2009/02/17 11:26:55 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2009/02/17 11:26:55 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/02/17 11:26:55 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2009/02/17 11:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/02/17 11:26:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sherry\Application Data\PC Tools
[2009/02/17 11:26:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/17 11:25:46 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/17 11:25:37 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/17 11:25:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\runtime
[2009/02/17 11:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/17 11:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/17 11:24:27 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/02/13 17:27:55 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\sherry\Desktop\Spybot - Search & Destroy.lnk
[2009/02/13 17:27:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/13 17:27:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/13 16:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/13 16:17:43 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/13 16:17:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/13 16:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sherry\Application Data\SUPERAntiSpyware.com
[2009/02/13 16:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/13 11:36:18 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/02/13 11:36:00 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/02/13 10:36:50 | 00,000,000 | ---D | C] -- C:\Tools
[2009/02/13 10:34:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/02/13 10:01:29 | 21,465,08800 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/12 17:14:28 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/02/12 17:14:28 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/02/12 17:14:27 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/02/12 17:14:27 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/02/12 17:14:27 | 00,000,000 | ---D | C] -- C:\34b11c23b5d616058588c9d6d6
[2009/02/12 17:13:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/02/12 16:37:14 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/02/12 16:37:09 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/02/12 16:37:08 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/02/12 16:37:07 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/02/12 16:37:06 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/02/12 16:36:50 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/02/12 16:36:39 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/02/12 16:36:37 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/02/12 16:36:30 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/02/12 16:36:16 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/02/12 16:36:03 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/02/12 16:35:01 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/02/12 16:34:59 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/02/12 16:24:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/12 16:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/02/12 15:53:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/12 15:43:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/02/12 15:43:09 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/02/12 15:42:33 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/02/12 15:42:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/02/12 14:52:11 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/02/12 14:52:01 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/02/12 14:52:01 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/02/12 14:52:00 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/02/12 14:52:00 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/02/12 14:51:59 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/02/12 14:51:59 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/02/12 14:51:58 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/02/12 14:51:57 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/02/12 14:51:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/02/12 14:51:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/02/12 14:51:53 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/02/12 14:51:53 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/02/12 14:51:53 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/02/12 14:51:52 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/02/12 14:51:52 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/02/12 14:51:43 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/02/12 14:51:43 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/02/12 14:51:40 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/02/12 14:51:38 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/02/12 14:51:37 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/02/12 14:51:37 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/02/12 14:51:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/02/12 14:51:36 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/02/12 14:51:36 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/02/12 14:51:36 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/02/12 14:51:35 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/02/12 14:51:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/02/12 14:51:28 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/02/12 14:51:26 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/02/12 14:51:25 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/02/12 14:51:25 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/02/12 14:51:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/02/12 14:51:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/02/12 14:51:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/02/12 14:51:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/02/12 14:51:21 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/02/12 14:51:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/02/12 14:51:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/02/12 14:51:20 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/02/12 14:51:20 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/02/12 14:51:20 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/02/12 14:51:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/02/12 14:51:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/02/12 14:51:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/02/12 14:51:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/02/12 14:51:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/02/12 14:51:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/02/12 14:51:19 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/02/12 14:51:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/02/12 14:51:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/02/12 14:51:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/02/12 14:51:05 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/02/12 14:51:05 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/02/12 14:51:02 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/02/12 14:51:01 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/02/12 14:51:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/02/12 14:50:57 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/02/12 14:50:57 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/02/12 14:50:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/02/12 14:50:53 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/02/12 14:50:53 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/02/12 14:50:52 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/02/12 14:50:52 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/02/12 14:50:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/02/12 14:50:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/02/12 14:50:51 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/02/12 14:50:51 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/02/12 14:50:50 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/02/12 14:50:50 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/02/12 14:50:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/02/12 14:50:49 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/02/12 14:50:47 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/02/12 14:50:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/02/12 14:50:47 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/02/12 14:50:47 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/02/12 14:50:47 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/02/12 14:50:41 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/02/12 14:50:38 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/02/12 14:50:33 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/02/12 14:50:26 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/02/12 14:50:26 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/02/12 14:50:12 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/02/12 14:50:11 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/02/12 14:50:11 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/02/12 14:50:09 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/02/12 14:50:07 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/02/12 14:50:04 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/02/12 14:50:04 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/02/12 14:50:03 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/02/12 14:50:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/02/12 14:50:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/02/12 14:50:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/02/12 14:50:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/02/12 14:50:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/02/12 14:50:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/02/12 14:50:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/02/12 14:50:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/02/12 14:50:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/02/12 14:50:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/02/12 14:50:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/02/12 14:50:00 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/02/12 14:49:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/02/12 14:49:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/02/12 14:49:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/02/12 14:49:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/02/12 14:49:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/02/12 14:49:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/02/12 14:49:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/02/12 14:49:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/02/12 14:49:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/02/12 14:49:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/02/12 14:49:57 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/02/12 14:49:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/02/12 14:49:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/02/12 14:49:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/02/12 14:49:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/02/12 14:49:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/02/12 14:49:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/02/12 14:49:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/02/12 14:49:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/02/12 14:49:54 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/02/12 14:49:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/02/12 14:49:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/02/12 14:49:49 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/02/12 14:49:47 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/02/12 14:49:47 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/02/12 14:49:47 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/02/12 14:49:47 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/02/12 14:49:46 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/02/12 14:49:46 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/02/12 14:49:46 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/02/12 14:49:46 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/02/12 14:49:45 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/02/12 14:49:45 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/02/12 14:49:45 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/02/12 14:49:44 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/02/12 14:49:44 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/02/12 14:49:44 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/02/12 14:49:44 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/02/12 14:49:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/02/12 14:49:43 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/02/12 14:49:43 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/02/12 14:49:42 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/02/12 14:49:42 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/02/12 14:49:42 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/02/12 14:49:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/02/12 14:49:41 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/02/12 14:49:41 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/02/12 14:49:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/02/12 14:49:41 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/02/12 14:49:40 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/02/12 14:49:40 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/02/12 14:49:39 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/02/12 14:49:39 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/02/12 14:49:32 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/02/12 14:49:27 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/02/12 14:49:24 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/02/12 14:49:19 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/02/12 14:49:18 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/02/12 14:49:13 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/02/12 14:49:13 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/02/12 14:49:11 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/02/12 14:49:10 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/02/12 14:49:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/02/12 14:49:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/02/12 14:49:06 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/02/12 14:49:06 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/02/12 14:49:03 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/02/12 14:49:02 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/02/12 14:49:02 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/02/12 14:49:02 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/02/12 14:48:50 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/02/12 14:48:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/02/12 14:48:45 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/02/12 14:48:45 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/02/12 14:48:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/02/12 14:48:45 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/02/12 14:48:40 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/02/12 14:48:40 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/02/12 14:48:40 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/02/12 14:48:39 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/02/12 14:48:39 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/02/12 14:48:39 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/02/12 14:48:39 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/02/12 14:48:38 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/02/12 14:48:37 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/02/12 14:48:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/02/12 14:48:37 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/02/12 14:48:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/02/12 14:48:37 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/02/12 14:48:35 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/02/12 14:48:34 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/02/12 14:48:34 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/02/12 14:48:33 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/02/12 14:48:33 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/02/12 14:48:33 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/02/12 14:48:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/02/12 14:48:32 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/02/12 14:48:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/02/12 14:48:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/02/12 14:48:31 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/02/12 14:48:31 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/02/12 14:48:31 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/02/12 14:48:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/02/12 14:48:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/02/12 14:48:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/02/12 14:48:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/02/12 14:48:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/02/12 14:48:27 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/02/12 14:48:27 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/02/12 14:48:27 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/02/12 14:48:27 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/02/12 14:48:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/02/12 14:48:26 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/02/12 14:48:26 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/02/12 14:48:26 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/02/12 14:48:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/02/12 14:48:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/02/12 14:48:23 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/02/12 14:48:23 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/02/12 14:48:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/02/12 14:48:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/02/12 14:48:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/02/12 14:48:22 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/02/12 14:48:21 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/02/12 14:48:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/02/12 14:48:20 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/02/12 14:48:18 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/02/12 14:48:04 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/02/12 14:48:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/02/12 14:48:02 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/02/12 14:47:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/02/12 14:47:49 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/02/12 14:47:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/02/12 14:47:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/02/12 14:47:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/02/12 14:47:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/02/12 14:47:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/02/12 14:47:27 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/02/12 14:47:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/02/12 14:47:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/02/12 14:47:20 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/02/12 14:43:42 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/02/12 14:42:56 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/02/12 14:33:03 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/02/12 14:33:03 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/02/12 14:26:29 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/02/12 14:26:29 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/02/12 14:26:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/02/12 14:26:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/02/12 14:26:04 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/02/12 14:26:04 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/02/12 14:26:04 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/02/12 14:26:04 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/02/12 14:26:03 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/02/12 14:26:03 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/02/12 14:26:03 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/02/12 14:26:03 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/02/12 12:49:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8104297.jun
[2009/02/12 12:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Browser Hijack Recover
[2009/02/12 11:45:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\sherry\Desktop\HijackThis.lnk
[2009/02/12 11:45:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/12 11:19:07 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/12 11:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/02/12 10:30:28 | 00,062,372 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/02/12 10:14:12 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/02/12 09:58:01 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\sherry\Desktop\CCleaner.lnk
[2009/02/12 09:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/12 09:36:05 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/12 09:12:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/02/12 09:12:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/12 09:12:06 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/12 09:10:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/12 09:10:32 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/12 09:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/12 09:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/11 16:26:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/02/11 16:23:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/02/11 16:19:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/02/11 16:19:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/02/11 16:18:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/02/11 13:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sherry\Application Data\Malwarebytes
[2009/02/11 13:51:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 13:51:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/11 13:51:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 13:51:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/11 13:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/10 16:32:58 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\diana thank you labels.doc
[2009/02/10 14:52:45 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\diana shower directions.doc
[2009/02/10 13:16:53 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\diana_shower_invite_inside.pub
[2009/02/10 13:16:44 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\diana_shower_invite_cover.pub
[2009/02/06 15:15:16 | 00,917,504 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\shorebrochure.pub
[2009/01/30 14:37:41 | 00,010,011 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillername.pdf
[2009/01/30 14:37:01 | 00,019,619 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerlogosheets.pdf
[2009/01/30 14:35:58 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerlogosheets.pub
[2009/01/30 14:34:42 | 01,956,822 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondblue.bmp
[2009/01/30 14:34:29 | 01,956,822 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondred.bmp
[2009/01/30 11:57:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\sherry\My Documents\~$_DentalCoverage_111208.doc
[2009/01/30 10:53:49 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\facebook.xls
[2009/01/29 13:00:02 | 01,956,822 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondyellow.bmp
[2009/01/29 12:17:13 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamond.pub

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\sherry\My Documents\*.tmp files]
[2009/02/27 15:55:39 | 00,000,153 | ---- | M] () -- C:\WINDOWS\moxy32.INI
[2009/02/27 15:54:45 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTListIt2.exe
[2009/02/27 15:19:30 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\test.scr
[2009/02/27 14:28:20 | 08,066,405 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\ScreenShot022709.rtf
[2009/02/27 13:56:44 | 00,002,579 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Fidelity Advisor CHANNEL 6.8.lnk
[2009/02/27 13:35:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/02/27 10:52:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/27 09:33:15 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/27 09:31:03 | 00,001,192 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/02/27 09:30:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/27 09:30:52 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/27 09:30:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/27 09:30:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/02/27 09:30:17 | 21,465,08800 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/27 09:28:36 | 00,000,725 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/02/27 09:28:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/02/27 09:28:36 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/02/26 18:49:49 | 00,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/02/26 13:48:26 | 00,000,164 | ---- | M] () -- C:\WINDOWS\datapo32.INI
[2009/02/26 13:42:40 | 00,001,544 | ---- | M] () -- C:\WINDOWS\Basex.ini
[2009/02/26 12:57:02 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/26 09:11:22 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/24 12:34:48 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\MooGuide.doc
[2009/02/20 11:04:05 | 00,198,144 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\Copy of HI3H JANUARY 2009 RECON.xls
[2009/02/18 17:08:35 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana_thank you card_cover.pub
[2009/02/18 16:28:09 | 01,189,376 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\ibew38 Performance Review 2-09.pub
[2009/02/18 16:26:30 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\ibew38values.xls
[2009/02/18 15:32:10 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\ibew38numbers.xls
[2009/02/18 14:23:57 | 00,099,840 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\tin labels.dot
[2009/02/18 11:26:18 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\Shower Checklist.xls
[2009/02/17 13:36:16 | 00,524,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/17 13:36:16 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/02/17 13:36:16 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/02/17 12:31:45 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/02/17 12:29:21 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/02/17 12:28:31 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/02/17 11:58:57 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2009/02/17 11:58:57 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2009/02/17 11:58:56 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/02/17 11:25:46 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/13 17:47:02 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Notepad.lnk
[2009/02/13 17:27:55 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Spybot - Search & Destroy.lnk
[2009/02/13 16:17:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/13 16:11:35 | 00,400,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/12 17:03:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/12 16:26:25 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/12 16:09:06 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/02/12 14:55:24 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/02/12 14:45:51 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
[2009/02/12 14:45:39 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/02/12 14:45:39 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/02/12 14:45:17 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/12 14:43:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/02/12 14:43:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/02/12 14:43:29 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/02/12 14:40:41 | 00,023,680 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/12 14:33:03 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/02/12 14:33:03 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/02/12 14:26:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\DESKTOP.INI
[2009/02/12 14:26:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2009/02/12 12:49:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8104297.jun
[2009/02/12 11:45:17 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\HijackThis.lnk
[2009/02/12 10:58:57 | 00,072,544 | ---- | M] () -- C:\WINDOWS\mariner.his
[2009/02/12 10:58:57 | 00,002,221 | ---- | M] () -- C:\WINDOWS\mariner.ini
[2009/02/12 10:54:27 | 00,062,372 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/02/12 09:58:01 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\CCleaner.lnk
[2009/02/12 09:11:52 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/12 09:11:42 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/12 09:10:32 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/11 16:39:15 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\sherry\My Documents\DESKTOP.INI
[2009/02/11 13:51:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/10 16:56:49 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana_shower_invite_inside.pub
[2009/02/10 16:35:32 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana thank you labels.doc
[2009/02/10 15:15:07 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana bridal shower labels.doc
[2009/02/10 15:13:40 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana shower directions.doc
[2009/02/10 13:16:45 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\diana_shower_invite_cover.pub
[2009/02/06 15:48:42 | 00,917,504 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\shorebrochure.pub
[2009/02/03 15:21:14 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/30 15:16:59 | 00,002,327 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2009/01/30 14:54:43 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\facebook.xls
[2009/01/30 14:39:18 | 00,019,619 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerlogosheets.pdf
[2009/01/30 14:37:41 | 00,010,011 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillername.pdf
[2009/01/30 14:35:58 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerlogosheets.pub
[2009/01/30 14:35:01 | 00,276,480 | -HS- | M] () -- C:\Documents and Settings\sherry\My Documents\Thumbs.db
[2009/01/30 14:34:43 | 01,956,822 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondblue.bmp
[2009/01/30 14:34:30 | 01,956,822 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondred.bmp
[2009/01/30 11:57:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sherry\My Documents\~$_DentalCoverage_111208.doc
[2009/01/29 13:10:43 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamond.pub
[2009/01/29 13:00:03 | 01,956,822 | ---- | M] () -- C:\Documents and Settings\sherry\My Documents\stillerdiamondyellow.bmp

========== Alternate Data Streams ==========

@Alternate Data Stream - 9708 bytes -> C:\Documents and Settings\sherry\My Documents\babygame.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7156 bytes -> C:\Documents and Settings\sherry\My Documents\STOCKGIFTBABY.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\sherry\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\sherry\My Documents\STOCKGIFTBABY.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\sherry\My Documents\babygame.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
< End of report >


Extras.txt:

OTListIt Extras logfile created on: 2/27/2009 3:56:09 PM - Run
OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 5.19 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
Drive G: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 29.40 Gb Total Space | 25.13 Gb Free Space | 85.47% Space Free | Partition Type: NTFS
Drive M: | 220.12 Gb Total Space | 215.60 Gb Free Space | 97.94% Space Free | Partition Type: NTFS
Drive O: | 220.12 Gb Total Space | 124.82 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
Drive P: | 220.12 Gb Total Space | 215.60 Gb Free Space | 97.94% Space Free | Partition Type: NTFS

Computer Name: SHERRY
Current User Name: sherry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\Netscape\Netscape\Netscp.exe (Mozilla, Netscape)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"\\Winslow\SHARE\Shared Downloads\LANMessage.exe" = \\Winslow\SHARE\Shared Downloads\LANMessage.exe:*:Enabled:LANMessage
[2004/08/04 16:41:00 | 00,526,224 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/09/07 15:55:04 | 15,995,704 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{097F8229-8ECD-4DD3-A648-1FD67BDAF562}" = IBM AFP Workbench Viewer
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{19ABFD8F-CB86-4965-9282-047FC27084F1}" = SQLXML 3.0 SP3
"{23DE0732-6503-4F5D-83A0-F25AE2398967}" = DTCC Interface
"{2B1AFCF7-BE6C-4750-8A6D-738E4AD29804}" = Advisor CHANNEL 6.8
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}" = HP Color LaserJet 3800
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70F80C1E-5F26-11D7-88D1-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_09
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7556CE8F-3B9D-4575-924E-72A5EC880D3C}" = LogMeIn
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Basic 2002
"{83287AA0-14B2-11D5-95ED-00C04FBE860F}" = SchwabLink Desktop
"{8CA3DCAB-6B41-4E5F-B5B2-8DED37CDF1CC}" = Setup1
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{913E1F2D-5A32-4D18-B983-640374D81448}" = JxPublicObject
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8A204BC-7177-470E-BBDD-47256D05B325}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CAF6DE27-0B94-4996-B932-AD3EF0C3E3B2}" = Telemet Orion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6D7030D-E04C-4CCA-98DD-B9B51EDE5845}" = Junxure7
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8DBCF67-C44C-4768-8112-9CADBAC390E6}" = HP Printer Access Tool
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3866B80-4638-483B-A80C-AE46FEA1BE44}" = Event Manager for Netscape Navigator and Mozilla
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"AccessR" = Microsoft Office Access 2007
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager (Remove Only)
"ALT Access" = ALT Access
"ATI Display Driver" = ATI Display Driver
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BASELINE" = Thomson Baseline
"Baseline Spreadsheet Link" = Thomson Baseline Spreadsheet Link
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0
"CCleaner" = CCleaner (remove only)
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DX" = DX
"Fidelity Investments - ACD Dataport Interface" = Fidelity Investments - ACD Dataport Interface
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet 3800" = HP Color LaserJet 3800
"HP Color LaserJet 4550 Uninstaller" = HP Color LaserJet 4550 Uninstaller
"HP LaserJet 4000 Printing System" = HP LaserJet 4000 Printing System
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23DE0732-6503-4F5D-83A0-F25AE2398967}" = DTCC Interface
"Inter_Tel 5000 DB Programming 1.2.5.111" = Inter-Tel 5000 DB Programming 1.2.5.111
"Inter_Tel 5000 DB Programming 1.2.6.173" = Inter-Tel 5000 DB Programming 1.2.6.173
"Inter_Tel DB Programming DB Test" = Inter-Tel DB Programming DB Test
"Inter_Tel DB Programming Upload Utility" = Inter-Tel DB Programming Upload Utility
"Java Web Start" = Java Web Start
"JP Morgan Private Client Services Dataport Interface" = JP Morgan Private Client Services Dataport Interface
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Merrill Lynch Institutional Custody Dataport Interface" = Merrill Lynch Institutional Custody Dataport Interface
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Moxy Client" = Moxy Client
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Netscape (7.2)" = Netscape (7.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 6.0
"State Street Investor Services - ACD Dataport Interface" = State Street Investor Services - ACD Dataport Interface
"TelemetQuoteService" = TelemetQuoteService COM Server
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0607011cb51ff370" = Junxure Outlook Addin
"GeoTrader Application" = GeoTrader Application
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-602162358-725345543-1110\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0607011cb51ff370" = Junxure Outlook Addin
"GeoTrader Application" = GeoTrader Application
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2009 12:10:27 PM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x00027d9a.

Error - 2/18/2009 3:39:16 PM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x000181c5.

Error - 2/18/2009 4:32:44 PM | Computer Name = SHERRY | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application mspub.exe, version 10.0.4128.0, faulting module
mspub.exe, version 10.0.4128.0, fault address 0x00008f90.

Error - 2/26/2009 11:14:30 AM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x10001df5.

Error - 2/26/2009 5:24:22 PM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x10001df5.

Error - 2/26/2009 5:45:31 PM | Computer Name = SHERRY | Source = Application Hang | ID = 1002
Description = Hanging application Netscp.exe, version 7.2.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2009 10:26:19 AM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 2/27/2009 10:37:02 AM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

Error - 2/27/2009 11:46:04 AM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x10191df5.

Error - 2/27/2009 12:22:54 PM | Computer Name = SHERRY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x10191df5.

[ System Events ]
Error - 2/17/2009 11:12:55 AM | Computer Name = SHERRY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2/17/2009 12:10:11 PM | Computer Name = SHERRY | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain WINSLOWASSET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2/17/2009 12:12:21 PM | Computer Name = SHERRY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 2/17/2009 12:12:21 PM | Computer Name = SHERRY | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 2/17/2009 2:33:33 PM | Computer Name = SHERRY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 2/17/2009 2:33:33 PM | Computer Name = SHERRY | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 2/27/2009 9:58:42 AM | Computer Name = SHERRY | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSFS0509\0000 disappeared from the system without
first being prepared for removal.

Error - 2/27/2009 9:58:42 AM | Computer Name = SHERRY | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSHRMD\0000 disappeared from the system without
first being prepared for removal.

Error - 2/27/2009 9:58:42 AM | Computer Name = SHERRY | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSIDRV\0000 disappeared from the system without
first being prepared for removal.

Error - 2/27/2009 9:58:42 AM | Computer Name = SHERRY | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).


< End of report >


Thanks again!

-Sherry

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 28 February 2009 - 07:48 AM

Hi again,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 12.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.




Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information & a fresh hjt log into your topic. How's the system running?
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 28 February 2009 - 02:22 PM

I'm up to the scan part. After five hours, it's only 20% done, so it looks like I'll be posting the log sometime tomorrow!

Thanks.

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:18 AM

Posted 01 March 2009 - 06:54 AM

Ok. Shall wait for your reply :thumbup2:

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 melbasher

melbasher
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 01 March 2009 - 08:53 AM

Hi-

Below is the Kaspersky scan. Your last instructions said to include a fresh HJT log. We originally used the OTLISTIT2 tool...should I run that again or HijackThis?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 28, 2009 14:08:31
Records in database: 1855525
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
K:\
M:\
O:\
P:\

Scan statistics:
Files scanned: 305126
Threat name: 4
Infected objects: 30
Suspicious objects: 0
Duration of the scan: 07:49:20


File name / Threat name / Threats count
C:\Documents and Settings\sherry\.jpi_cache\jar\1.0\crtdcghcn.jar-2f734cc-116f551b.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\sherry\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-67d0bb14.zip Infected: Trojan-Downloader.Java.Agent.f 1
F:\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
F:\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
F:\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
F:\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
F:\Shared Downloads\LogMeIn.ins Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
G:\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
G:\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
G:\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
G:\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
G:\Shared Downloads\LogMeIn.ins Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
O:\Moxysqlsrvr\C\Share Moxy\Old Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
O:\Moxysqlsrvr\C\Share Moxy\Old Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
O:\Moxysqlsrvr\C\Share Moxy\Old Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
O:\Moxysqlsrvr\C\Share Moxy\Old Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
O:\Moxysqlsrvr\C\Share Moxy\Old Downloads\LogMeIn.ins Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
O:\Winlsow (File Server)\D\SHARE\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
O:\Winlsow (File Server)\D\SHARE\Shared Downloads\LogMeIn.abc Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
O:\Winlsow (File Server)\D\SHARE\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
O:\Winlsow (File Server)\D\SHARE\Shared Downloads\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
O:\Winlsow (File Server)\D\SHARE\Shared Downloads\LogMeIn.ins Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1

The selected area was scanned.


Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users