New to the forum--I have a virus disguised as iexplore.exe

Post by minman » August 19th, 2008, 7:27 pm

I have a virus that runs in the process list as iexplore.exe. I am now using Mozilla Firefox as my browser. I have disabled Internet Explorer. I have an up-to-date Trend PC-cillin anti-virus. I have just installed ZoneAlarm for a firewall. None of these stop the process calling itself iexplore.exe from trying to run about every 5 seconds. Every time it runs, it de-activates the window I'm in, as if I'm opening up another window. Virus scan does not recognize it as a virus.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:23 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OL\TMAS_OL.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\b4r4k482.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\BeRpKklx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.ci.carmel.in.us/control/MgAxCtrl.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://www.totsites.com/admin/includes/ ... oader4.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13662 bytes
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by Carolyn » August 23rd, 2008, 7:32 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.


FILELISTER
Go HERE and download File Lister.
  • Save it to your Desktop
  • Right Click ->> Extract all ->> and extract it to your Desktop
    Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Double Click FileLister.vbe
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished, it will produce a log for you at C:\Files.txt
  • Copy and paste the contents of that log in your reply.


Please post the Malwarebytes' Anti-Malware log along with the contents of Files.txt and a fresh HijackThis log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by minman » August 24th, 2008, 9:13 pm

Malwarebytes' Anti-Malware 1.25
Database version: 1083
Windows 5.1.2600 Service Pack 3

9:02:29 PM 8/24/2008
mbam-log-08-24-2008 (21-02-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214998
Time elapsed: 2 hour(s), 26 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\BeRpKklx.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0119482.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0119483.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b4r4k482.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H7634Xso.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\laf1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\laf4.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\laf6.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\laf156.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\laf160.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\YazzleBundle-1281.exe (Heuristics.Malware) -> Quarantined and deleted successfully.



+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+ By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>> 8/24/2008 9:07:11 PM

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"SigmatelSysTrayApp"="stsystra.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ISUSPM Startup"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"ShowLOMControl"=""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 14\\pccguide.exe\""
"dscactivate"="\"C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\""
"NoteBurner"="C:\\Program Files\\NoteBurner\\VTBurnerGUI.exe /silence"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 14\\TMAS_OE\\TMAS_OEMon.exe\""
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
"OM2_Monitor"="\"C:\\Program Files\\OLYMPUS\\OLYMPUS Master 2\\MMonitor.exe\" -NoStart"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

8/24/2008 9:07:11 PM 2683 32 C:\Files.txt
8/22/2008 7:15:03 PM 386144848 C:\WINDOWS\$NtServicePackUninstall$
8/22/2008 7:15:03 PM 2547034 C:\WINDOWS\$NtServicePackUninstall$\spuninst
8/22/2008 7:47:46 PM 718180 C:\WINDOWS\$NtUninstallKB946648$
8/22/2008 7:47:46 PM 622805 C:\WINDOWS\$NtUninstallKB946648$\spuninst
8/14/2008 6:13:18 AM 712392 C:\WINDOWS\$NtUninstallKB946648_0$
8/14/2008 6:13:18 AM 629448 C:\WINDOWS\$NtUninstallKB946648_0$\spuninst
8/22/2008 7:48:04 PM 838212 C:\WINDOWS\$NtUninstallKB950762$
8/22/2008 7:48:04 PM 623157 C:\WINDOWS\$NtUninstallKB950762$\spuninst
8/22/2008 7:48:16 PM 881758 C:\WINDOWS\$NtUninstallKB950974$
8/22/2008 7:48:16 PM 623055 C:\WINDOWS\$NtUninstallKB950974$\spuninst
8/14/2008 6:13:00 AM 872781 C:\WINDOWS\$NtUninstallKB950974_0$
8/14/2008 6:13:00 AM 629581 C:\WINDOWS\$NtUninstallKB950974_0$\spuninst
8/22/2008 7:48:29 PM 1327240 C:\WINDOWS\$NtUninstallKB951066$
8/22/2008 7:48:29 PM 623097 C:\WINDOWS\$NtUninstallKB951066$\spuninst
8/14/2008 5:58:14 AM 1313090 C:\WINDOWS\$NtUninstallKB951066_0$
8/14/2008 5:58:14 AM 629570 C:\WINDOWS\$NtUninstallKB951066_0$\spuninst
8/14/2008 6:10:48 AM 690827 C:\WINDOWS\$NtUninstallKB951072-v2$
8/14/2008 6:10:48 AM 630411 C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst
8/22/2008 7:48:43 PM 908948 C:\WINDOWS\$NtUninstallKB951376$
8/22/2008 7:48:43 PM 623493 C:\WINDOWS\$NtUninstallKB951376$\spuninst
8/22/2008 7:48:56 PM 908239 C:\WINDOWS\$NtUninstallKB951376-v2$
8/22/2008 7:48:56 PM 623680 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
8/22/2008 7:49:09 PM 1923706 C:\WINDOWS\$NtUninstallKB951698$
8/22/2008 7:49:09 PM 623083 C:\WINDOWS\$NtUninstallKB951698$\spuninst
8/22/2008 7:49:23 PM 1761817 C:\WINDOWS\$NtUninstallKB951748$
8/22/2008 7:49:23 PM 624696 C:\WINDOWS\$NtUninstallKB951748$\spuninst
8/23/2008 7:37:33 AM 2448326 C:\WINDOWS\$NtUninstallKB951978$
8/23/2008 7:37:33 AM 629702 C:\WINDOWS\$NtUninstallKB951978$\spuninst
8/22/2008 7:49:41 PM 967493 C:\WINDOWS\$NtUninstallKB952287$
8/22/2008 7:49:41 PM 623286 C:\WINDOWS\$NtUninstallKB952287$\spuninst
8/14/2008 6:10:37 AM 961467 C:\WINDOWS\$NtUninstallKB952287_0$
8/14/2008 6:10:37 AM 629691 C:\WINDOWS\$NtUninstallKB952287_0$\spuninst
8/22/2008 7:49:55 PM 709235 C:\WINDOWS\$NtUninstallKB952954$
8/22/2008 7:49:55 PM 623076 C:\WINDOWS\$NtUninstallKB952954$\spuninst
8/14/2008 6:13:27 AM 704004 C:\WINDOWS\$NtUninstallKB952954_0$
8/14/2008 6:13:27 AM 629764 C:\WINDOWS\$NtUninstallKB952954_0$\spuninst
8/14/2008 6:13:10 AM 750902 C:\WINDOWS\$NtUninstallKB953839$
8/14/2008 6:13:10 AM 628022 C:\WINDOWS\$NtUninstallKB953839$\spuninst
8/17/2008 3:51:51 PM 10777583 C:\WINDOWS\Internet Logs
8/22/2008 7:38:36 PM 46127 C:\WINDOWS\l2schemas
8/22/2008 7:28:11 PM 595270300 C:\WINDOWS\ServicePackFiles
8/22/2008 7:28:11 PM 592135051 C:\WINDOWS\ServicePackFiles\i386
8/22/2008 7:38:16 PM 49218301 C:\WINDOWS\ServicePackFiles\i386\lang
8/22/2008 7:39:42 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache
8/22/2008 7:39:42 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
8/22/2008 6:54:25 PM 19569 32 C:\WINDOWS\003253_.tmp
8/14/2008 6:13:16 AM 221200 32 C:\WINDOWS\KB946648.log
8/13/2008 11:56:47 PM 225331 32 C:\WINDOWS\KB950974.log
8/14/2008 5:56:32 AM 211780 32 C:\WINDOWS\KB951066.log
8/13/2008 11:56:35 PM 35521 32 C:\WINDOWS\KB951072-v2.log
8/23/2008 7:14:37 AM 16164 32 C:\WINDOWS\KB951978.log
8/14/2008 6:10:34 AM 220312 32 C:\WINDOWS\KB952287.log
8/13/2008 11:56:53 PM 226326 32 C:\WINDOWS\KB952954.log
8/14/2008 5:59:07 AM 20902 32 C:\WINDOWS\KB953838-IE7.log
8/14/2008 6:13:08 AM 14575 32 C:\WINDOWS\KB953839.log
8/22/2008 6:57:17 PM 32866 0 C:\WINDOWS\slrundll.exe
8/22/2008 8:00:12 PM 187 32 C:\WINDOWS\spupdsvc.log.1.log
8/22/2008 6:25:49 PM 561950 32 C:\WINDOWS\svcpack.log
8/17/2008 3:54:19 PM 75248 32 C:\WINDOWS\zllsputility.exe
8/22/2008 7:38:33 PM 409088 C:\WINDOWS\system32\bits
8/22/2008 7:38:34 PM 76288 C:\WINDOWS\system32\en
8/22/2008 7:38:38 PM 83456 C:\WINDOWS\system32\scripting
8/17/2008 3:52:32 PM 55365607 C:\WINDOWS\system32\ZoneLabs
8/17/2008 3:52:54 PM 21604405 C:\WINDOWS\system32\ZoneLabs\avsys
8/17/2008 3:52:54 PM 11341851 C:\WINDOWS\system32\ZoneLabs\avsys\bases
8/17/2008 3:52:33 PM 2337152 C:\WINDOWS\system32\ZoneLabs\lib
8/17/2008 3:52:34 PM 437680 C:\WINDOWS\system32\ZoneLabs\lib\pyd
8/17/2008 3:52:34 PM 60632 C:\WINDOWS\system32\ZoneLabs\plugins
8/17/2008 3:52:34 PM 30282 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server
8/17/2008 3:52:34 PM 30350 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin
8/17/2008 3:52:53 PM 3480777 C:\WINDOWS\system32\ZoneLabs\streamapi
8/17/2008 3:54:20 PM 214636 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker
8/17/2008 3:54:16 PM 3266141 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp
8/17/2008 3:54:36 PM 10076 C:\WINDOWS\system32\ZoneLabs\Updates
8/22/2008 8:38:03 PM 0 C:\WINDOWS\system32\ZoneLabs\Updates\TrialScreens
8/22/2008 6:53:30 PM 136192 0 C:\WINDOWS\system32\aaclient.dll
8/22/2008 6:53:46 PM 229376 0 C:\WINDOWS\system32\ati2cqag.dll
8/22/2008 6:53:46 PM 377984 0 C:\WINDOWS\system32\ati2dvaa.dll
8/22/2008 6:53:46 PM 201728 0 C:\WINDOWS\system32\ati2dvag.dll
8/22/2008 6:53:47 PM 870784 0 C:\WINDOWS\system32\ati3d1ag.dll
8/22/2008 6:53:47 PM 1888992 0 C:\WINDOWS\system32\ati3duag.dll
8/22/2008 6:53:48 PM 9728 0 C:\WINDOWS\system32\ativdaxx.ax
8/22/2008 6:53:48 PM 23040 0 C:\WINDOWS\system32\ativmvxx.ax
8/22/2008 6:53:48 PM 32768 0 C:\WINDOWS\system32\ativtmxx.dll
8/22/2008 6:53:48 PM 516768 0 C:\WINDOWS\system32\ativvaxx.dll
8/22/2008 6:53:51 PM 233472 0 C:\WINDOWS\system32\azroles.dll
8/22/2008 6:53:51 PM 7168 0 C:\WINDOWS\system32\bitsprx4.dll
8/22/2008 6:55:07 PM 9728 0 C:\WINDOWS\system32\comsdupd.exe
8/22/2008 6:54:03 PM 12800 0 C:\WINDOWS\system32\credssp.dll
8/22/2008 6:54:09 PM 48640 0 C:\WINDOWS\system32\dhcpqec.dll
8/22/2008 6:54:11 PM 19456 0 C:\WINDOWS\system32\dimsntfy.dll
8/22/2008 6:54:11 PM 39936 0 C:\WINDOWS\system32\dimsroam.dll
8/22/2008 6:54:14 PM 26112 0 C:\WINDOWS\system32\dot3api.dll
8/22/2008 6:54:14 PM 57856 0 C:\WINDOWS\system32\dot3cfg.dll
8/22/2008 6:54:14 PM 9216 0 C:\WINDOWS\system32\dot3dlg.dll
8/22/2008 6:54:14 PM 39936 0 C:\WINDOWS\system32\dot3gpclnt.dll
8/22/2008 6:54:14 PM 56320 0 C:\WINDOWS\system32\dot3msm.dll
8/22/2008 6:54:14 PM 132096 0 C:\WINDOWS\system32\dot3svc.dll
8/22/2008 6:54:14 PM 650752 0 C:\WINDOWS\system32\dot3ui.dll
8/22/2008 6:54:20 PM 30720 0 C:\WINDOWS\system32\eapolqec.dll
8/22/2008 6:54:21 PM 184832 0 C:\WINDOWS\system32\eapp3hst.dll
8/22/2008 6:54:21 PM 126976 0 C:\WINDOWS\system32\eappcfg.dll
8/22/2008 6:54:21 PM 94208 0 C:\WINDOWS\system32\eappgnui.dll
8/22/2008 6:54:21 PM 180224 0 C:\WINDOWS\system32\eapphost.dll
8/22/2008 6:54:21 PM 40960 0 C:\WINDOWS\system32\eappprxy.dll
8/22/2008 6:54:21 PM 59392 0 C:\WINDOWS\system32\eapqec.dll
8/22/2008 6:54:21 PM 33792 0 C:\WINDOWS\system32\eapsvc.dll
8/22/2008 6:54:25 PM 20992 0 C:\WINDOWS\system32\faxpatch.exe
8/22/2008 6:54:54 PM 32285 0 C:\WINDOWS\system32\hsfcisp2.dll
8/22/2008 6:55:37 PM 6144 0 C:\WINDOWS\system32\kbdbhc.dll
8/22/2008 6:55:37 PM 6144 0 C:\WINDOWS\system32\kbdiultn.dll
8/22/2008 6:55:38 PM 6144 0 C:\WINDOWS\system32\kbdnepr.dll
8/22/2008 6:55:38 PM 6144 0 C:\WINDOWS\system32\kbdpash.dll
8/22/2008 6:55:39 PM 61440 0 C:\WINDOWS\system32\kmsvc.dll
8/22/2008 6:55:40 PM 37376 0 C:\WINDOWS\system32\l2gpstore.dll
8/17/2008 3:52:53 PM 796048 32 C:\WINDOWS\system32\libeay32_0.9.6l.dll
8/22/2008 6:55:59 PM 184320 0 C:\WINDOWS\system32\microsoft.managementconsole.dll
8/22/2008 6:56:00 PM 397312 0 C:\WINDOWS\system32\mmcex.dll
8/22/2008 6:56:00 PM 106496 0 C:\WINDOWS\system32\mmcfxcommon.dll
8/22/2008 6:56:00 PM 33792 0 C:\WINDOWS\system32\mmcperf.exe
8/22/2008 6:56:25 PM 155136 0 C:\WINDOWS\system32\mssha.dll
8/22/2008 6:56:25 PM 76800 0 C:\WINDOWS\system32\msshavmsg.dll
8/22/2008 6:56:30 PM 1306624 0 C:\WINDOWS\system32\msxml6.dll
8/22/2008 6:56:30 PM 79872 0 C:\WINDOWS\system32\msxml6r.dll
8/22/2008 6:56:31 PM 1737856 0 C:\WINDOWS\system32\mtxparhd.dll
8/22/2008 6:56:32 PM 30208 0 C:\WINDOWS\system32\napipsec.dll
8/22/2008 6:56:32 PM 193024 0 C:\WINDOWS\system32\napmontr.dll
8/22/2008 6:56:32 PM 176640 0 C:\WINDOWS\system32\napstat.exe
8/12/2008 11:19:48 AM 0 32 C:\WINDOWS\system32\null
8/22/2008 6:56:49 PM 144384 0 C:\WINDOWS\system32\onex.dll
8/22/2008 6:55:17 PM 974 0 C:\WINDOWS\system32\pid.inf
8/22/2008 6:56:57 PM 150528 0 C:\WINDOWS\system32\qagent.dll
8/22/2008 6:56:57 PM 291328 0 C:\WINDOWS\system32\qagentrt.dll
8/22/2008 6:56:57 PM 62464 0 C:\WINDOWS\system32\qcliprov.dll
8/22/2008 6:56:59 PM 76800 0 C:\WINDOWS\system32\qutil.dll
8/22/2008 6:57:00 PM 61952 0 C:\WINDOWS\system32\rasqec.dll
8/22/2008 6:57:03 PM 290304 0 C:\WINDOWS\system32\rhttpaa.dll
8/22/2008 6:55:18 PM 9728 0 C:\WINDOWS\system32\rwnh.dll
8/22/2008 6:57:06 PM 397056 0 C:\WINDOWS\system32\s3gnb.dll
8/22/2008 6:57:10 PM 32768 0 C:\WINDOWS\system32\setupn.exe
8/22/2008 6:57:16 PM 73832 0 C:\WINDOWS\system32\slcoinst.dll
8/22/2008 6:57:16 PM 286792 0 C:\WINDOWS\system32\slextspk.dll
8/22/2008 6:57:16 PM 188508 0 C:\WINDOWS\system32\slgen.dll
8/22/2008 6:57:17 PM 32866 0 C:\WINDOWS\system32\slrundll.exe
8/22/2008 6:57:17 PM 73796 0 C:\WINDOWS\system32\slserv.exe
8/22/2008 6:55:19 PM 10752 0 C:\WINDOWS\system32\smtpapi.dll
8/22/2008 6:57:20 PM 7680 32 C:\WINDOWS\system32\spdwnwxp.exe
8/17/2008 3:54:18 PM 11264 32 C:\WINDOWS\system32\SpOrder.dll
8/22/2008 6:57:21 PM 20992 0 C:\WINDOWS\system32\spupdwxp.exe
8/22/2008 8:00:10 PM 251 32 C:\WINDOWS\system32\spupdwxp.log
8/22/2008 6:57:36 PM 53248 0 C:\WINDOWS\system32\tsgqec.dll
8/22/2008 6:57:37 PM 50688 0 C:\WINDOWS\system32\tspkg.dll
8/17/2008 3:52:29 PM 352918 32 C:\WINDOWS\system32\vsconfig.xml
8/17/2008 3:51:51 PM 83432 32 C:\WINDOWS\system32\vsdata.dll
8/17/2008 3:52:29 PM 394952 32 C:\WINDOWS\system32\vsdatant.sys
8/17/2008 3:51:51 PM 157160 32 C:\WINDOWS\system32\vsinit.dll
8/17/2008 3:52:32 PM 103912 32 C:\WINDOWS\system32\vsmonapi.dll
8/17/2008 3:52:32 PM 275944 32 C:\WINDOWS\system32\vspubapi.dll
8/17/2008 3:52:53 PM 71144 32 C:\WINDOWS\system32\vsregexp.dll
8/17/2008 3:51:51 PM 472552 32 C:\WINDOWS\system32\vsutil.dll
8/17/2008 3:52:35 PM 46568 32 C:\WINDOWS\system32\vswmi.dll
8/17/2008 3:52:33 PM 99816 32 C:\WINDOWS\system32\vsxml.dll
8/22/2008 6:57:55 PM 69120 0 C:\WINDOWS\system32\wlanapi.dll
8/17/2008 3:52:48 PM 83432 32 C:\WINDOWS\system32\zlcomm.dll
8/17/2008 3:52:48 PM 71144 32 C:\WINDOWS\system32\zlcommdb.dll
8/17/2008 3:55:01 PM 4212 2 C:\WINDOWS\system32\zllictbl.dat
8/17/2008 3:52:33 PM 1086952 32 C:\WINDOWS\system32\zpeng24.dll

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======


====== Folders under "\Program Files" Last 30 Days======

8/2/2008 2:32:26 PM 1359407 C:\Program Files\iPod
8/2/2008 2:32:26 PM 1356072 C:\Program Files\iPod\bin
8/2/2008 2:32:27 PM 823808 C:\Program Files\iPod\bin\iPodService.Resources
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\da.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\de.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\es.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\fi.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\it.lproj
8/2/2008 2:32:27 PM 43008 C:\Program Files\iPod\bin\iPodService.Resources\ja.lproj
8/2/2008 2:32:27 PM 43008 C:\Program Files\iPod\bin\iPodService.Resources\ko.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\nb.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\nl.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\pl.lproj
8/2/2008 2:32:27 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\pt.lproj
8/2/2008 2:32:28 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\pt_PT.lproj
8/2/2008 2:32:28 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\ru.lproj
8/2/2008 2:32:28 PM 43520 C:\Program Files\iPod\bin\iPodService.Resources\sv.lproj
8/2/2008 2:32:28 PM 43008 C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj
8/2/2008 2:32:28 PM 43008 C:\Program Files\iPod\bin\iPodService.Resources\zh_TW.lproj
8/2/2008 2:32:10 PM 84801513 C:\Program Files\iTunes
8/2/2008 2:32:26 PM 161119 C:\Program Files\iTunes\CD Configuration
8/2/2008 2:32:28 PM 60391043 C:\Program Files\iTunes\iTunes.Resources
8/2/2008 2:32:28 PM 2780737 C:\Program Files\iTunes\iTunes.Resources\da.lproj
8/2/2008 2:32:28 PM 362752 C:\Program Files\iTunes\iTunes.Resources\da.lproj\iPodSettings.nib
8/2/2008 2:32:28 PM 21957 C:\Program Files\iTunes\iTunes.Resources\da.lproj\Ringtone.nib
8/2/2008 2:32:28 PM 132784 C:\Program Files\iTunes\iTunes.Resources\da.lproj\SetupAssistant.nib
8/2/2008 2:32:28 PM 3277679 C:\Program Files\iTunes\iTunes.Resources\de.lproj
8/2/2008 2:32:28 PM 361521 C:\Program Files\iTunes\iTunes.Resources\de.lproj\iPodSettings.nib
8/2/2008 2:32:28 PM 21576 C:\Program Files\iTunes\iTunes.Resources\de.lproj\Ringtone.nib
8/2/2008 2:32:28 PM 133492 C:\Program Files\iTunes\iTunes.Resources\de.lproj\SetupAssistant.nib
8/2/2008 2:32:30 PM 2775785 C:\Program Files\iTunes\iTunes.Resources\en.lproj
8/2/2008 2:32:30 PM 360616 C:\Program Files\iTunes\iTunes.Resources\en.lproj\iPodSettings.nib
8/2/2008 2:32:30 PM 21460 C:\Program Files\iTunes\iTunes.Resources\en.lproj\Ringtone.nib
8/2/2008 2:32:30 PM 132470 C:\Program Files\iTunes\iTunes.Resources\en.lproj\SetupAssistant.nib
8/2/2008 2:32:31 PM 3014194 C:\Program Files\iTunes\iTunes.Resources\es.lproj
8/2/2008 2:32:31 PM 364983 C:\Program Files\iTunes\iTunes.Resources\es.lproj\iPodSettings.nib
8/2/2008 2:32:31 PM 21523 C:\Program Files\iTunes\iTunes.Resources\es.lproj\Ringtone.nib
8/2/2008 2:32:31 PM 133649 C:\Program Files\iTunes\iTunes.Resources\es.lproj\SetupAssistant.nib
8/2/2008 2:32:31 PM 2797707 C:\Program Files\iTunes\iTunes.Resources\fi.lproj
8/2/2008 2:32:31 PM 363291 C:\Program Files\iTunes\iTunes.Resources\fi.lproj\iPodSettings.nib
8/2/2008 2:32:31 PM 21522 C:\Program Files\iTunes\iTunes.Resources\fi.lproj\Ringtone.nib
8/2/2008 2:32:31 PM 133005 C:\Program Files\iTunes\iTunes.Resources\fi.lproj\SetupAssistant.nib
8/2/2008 2:32:31 PM 3118037 C:\Program Files\iTunes\iTunes.Resources\fr.lproj
8/2/2008 2:32:31 PM 365262 C:\Program Files\iTunes\iTunes.Resources\fr.lproj\iPodSettings.nib
8/2/2008 2:32:31 PM 21986 C:\Program Files\iTunes\iTunes.Resources\fr.lproj\Ringtone.nib
8/2/2008 2:32:31 PM 134172 C:\Program Files\iTunes\iTunes.Resources\fr.lproj\SetupAssistant.nib
8/2/2008 2:32:32 PM 3003556 C:\Program Files\iTunes\iTunes.Resources\it.lproj
8/2/2008 2:32:32 PM 363812 C:\Program Files\iTunes\iTunes.Resources\it.lproj\iPodSettings.nib
8/2/2008 2:32:32 PM 21973 C:\Program Files\iTunes\iTunes.Resources\it.lproj\Ringtone.nib
8/2/2008 2:32:32 PM 133203 C:\Program Files\iTunes\iTunes.Resources\it.lproj\SetupAssistant.nib
8/2/2008 2:32:32 PM 2780772 C:\Program Files\iTunes\iTunes.Resources\ja.lproj
8/2/2008 2:32:33 PM 367027 C:\Program Files\iTunes\iTunes.Resources\ja.lproj\iPodSettings.nib
8/2/2008 2:32:33 PM 21963 C:\Program Files\iTunes\iTunes.Resources\ja.lproj\Ringtone.nib
8/2/2008 2:32:33 PM 135501 C:\Program Files\iTunes\iTunes.Resources\ja.lproj\SetupAssistant.nib
8/2/2008 2:32:34 PM 3984159 C:\Program Files\iTunes\iTunes.Resources\ko.lproj
8/2/2008 2:32:34 PM 368708 C:\Program Files\iTunes\iTunes.Resources\ko.lproj\iPodSettings.nib
8/2/2008 2:32:34 PM 21478 C:\Program Files\iTunes\iTunes.Resources\ko.lproj\Ringtone.nib
8/2/2008 2:32:34 PM 134548 C:\Program Files\iTunes\iTunes.Resources\ko.lproj\SetupAssistant.nib
8/2/2008 2:32:34 PM 2858696 C:\Program Files\iTunes\iTunes.Resources\nb.lproj
8/2/2008 2:32:34 PM 362945 C:\Program Files\iTunes\iTunes.Resources\nb.lproj\iPodSettings.nib
8/2/2008 2:32:34 PM 21952 C:\Program Files\iTunes\iTunes.Resources\nb.lproj\Ringtone.nib
8/2/2008 2:32:35 PM 132840 C:\Program Files\iTunes\iTunes.Resources\nb.lproj\SetupAssistant.nib
8/2/2008 2:32:35 PM 3079326 C:\Program Files\iTunes\iTunes.Resources\nl.lproj
8/2/2008 2:32:35 PM 364081 C:\Program Files\iTunes\iTunes.Resources\nl.lproj\iPodSettings.nib
8/2/2008 2:32:35 PM 21908 C:\Program Files\iTunes\iTunes.Resources\nl.lproj\Ringtone.nib
8/2/2008 2:32:35 PM 133579 C:\Program Files\iTunes\iTunes.Resources\nl.lproj\SetupAssistant.nib
8/2/2008 2:32:35 PM 2957979 C:\Program Files\iTunes\iTunes.Resources\pl.lproj
8/2/2008 2:32:35 PM 363754 C:\Program Files\iTunes\iTunes.Resources\pl.lproj\iPodSettings.nib
8/2/2008 2:32:35 PM 21946 C:\Program Files\iTunes\iTunes.Resources\pl.lproj\Ringtone.nib
8/2/2008 2:32:35 PM 132949 C:\Program Files\iTunes\iTunes.Resources\pl.lproj\SetupAssistant.nib
8/2/2008 2:32:36 PM 2278029 C:\Program Files\iTunes\iTunes.Resources\pt.lproj
8/2/2008 2:32:36 PM 364002 C:\Program Files\iTunes\iTunes.Resources\pt.lproj\iPodSettings.nib
8/2/2008 2:32:37 PM 21556 C:\Program Files\iTunes\iTunes.Resources\pt.lproj\Ringtone.nib
8/2/2008 2:32:37 PM 133653 C:\Program Files\iTunes\iTunes.Resources\pt.lproj\SetupAssistant.nib
8/2/2008 2:32:37 PM 2954288 C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj
8/2/2008 2:32:38 PM 363935 C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\iPodSettings.nib
8/2/2008 2:32:38 PM 22065 C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\Ringtone.nib
8/2/2008 2:32:38 PM 133347 C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\SetupAssistant.nib
8/2/2008 2:32:38 PM 3729835 C:\Program Files\iTunes\iTunes.Resources\ru.lproj
8/2/2008 2:32:39 PM 371710 C:\Program Files\iTunes\iTunes.Resources\ru.lproj\iPodSettings.nib
8/2/2008 2:32:39 PM 21648 C:\Program Files\iTunes\iTunes.Resources\ru.lproj\Ringtone.nib
8/2/2008 2:32:39 PM 137252 C:\Program Files\iTunes\iTunes.Resources\ru.lproj\SetupAssistant.nib
8/2/2008 2:32:39 PM 2836188 C:\Program Files\iTunes\iTunes.Resources\sv.lproj
8/2/2008 2:32:39 PM 362935 C:\Program Files\iTunes\iTunes.Resources\sv.lproj\iPodSettings.nib
8/2/2008 2:32:39 PM 21967 C:\Program Files\iTunes\iTunes.Resources\sv.lproj\Ringtone.nib
8/2/2008 2:32:39 PM 132746 C:\Program Files\iTunes\iTunes.Resources\sv.lproj\SetupAssistant.nib
8/2/2008 2:32:40 PM 2764251 C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj
8/2/2008 2:32:40 PM 364241 C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\iPodSettings.nib
8/2/2008 2:32:40 PM 21922 C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\Ringtone.nib
8/2/2008 2:32:40 PM 133429 C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\SetupAssistant.nib
8/2/2008 2:32:40 PM 2409069 C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj
8/2/2008 2:32:41 PM 364099 C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\iPodSettings.nib
8/2/2008 2:32:41 PM 21925 C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\Ringtone.nib
8/2/2008 2:32:41 PM 133438 C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\SetupAssistant.nib
8/2/2008 2:32:41 PM 825856 C:\Program Files\iTunes\iTunesHelper.Resources
8/2/2008 2:32:41 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\da.lproj
8/2/2008 2:32:41 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\de.lproj
8/2/2008 2:32:41 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj
8/2/2008 2:32:41 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\es.lproj
8/2/2008 2:32:41 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\fi.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\it.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\ja.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\ko.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\nb.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\nl.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\pl.lproj
8/2/2008 2:32:42 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\pt.lproj
8/2/2008 2:32:43 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\pt_PT.lproj
8/2/2008 2:32:43 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\ru.lproj
8/2/2008 2:32:43 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\sv.lproj
8/2/2008 2:32:43 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj
8/2/2008 2:32:43 PM 43520 C:\Program Files\iTunes\iTunesHelper.Resources\zh_TW.lproj
8/2/2008 2:32:23 PM 903680 C:\Program Files\iTunes\iTunesMiniPlayer.Resources
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\da.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\de.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\es.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fi.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\it.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ja.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ko.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nb.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nl.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pl.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ru.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\sv.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj
8/2/2008 2:32:23 PM 43008 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj
8/2/2008 2:32:27 PM 69851 C:\Program Files\iTunes\Mozilla Plugins
8/24/2008 6:03:19 PM 3863462 C:\Program Files\Malwarebytes' Anti-Malware
8/24/2008 6:03:20 PM 309968 C:\Program Files\Malwarebytes' Anti-Malware\Languages
8/9/2008 7:28:04 PM 13209009 C:\Program Files\Microsoft Silverlight
8/9/2008 7:28:04 PM 13209009 C:\Program Files\Microsoft Silverlight\2.0.30523.8
8/9/2008 7:28:05 PM 67712 C:\Program Files\Microsoft Silverlight\2.0.30523.8\de
8/9/2008 7:28:05 PM 67712 C:\Program Files\Microsoft Silverlight\2.0.30523.8\es
8/9/2008 7:28:05 PM 67712 C:\Program Files\Microsoft Silverlight\2.0.30523.8\fr
8/9/2008 7:28:05 PM 67712 C:\Program Files\Microsoft Silverlight\2.0.30523.8\it
8/9/2008 7:28:05 PM 67712 C:\Program Files\Microsoft Silverlight\2.0.30523.8\ja
8/9/2008 7:28:05 PM 67200 C:\Program Files\Microsoft Silverlight\2.0.30523.8\ko
8/9/2008 7:28:05 PM 66688 C:\Program Files\Microsoft Silverlight\2.0.30523.8\zh-Hans
8/9/2008 7:28:05 PM 67200 C:\Program Files\Microsoft Silverlight\2.0.30523.8\zh-Hant
8/17/2008 1:23:06 AM 24720228 C:\Program Files\Mozilla Firefox
8/17/2008 1:23:07 AM 6075167 C:\Program Files\Mozilla Firefox\chrome
8/17/2008 1:23:07 AM 2333398 C:\Program Files\Mozilla Firefox\components
8/17/2008 1:23:07 AM 53894 C:\Program Files\Mozilla Firefox\defaults
8/17/2008 1:23:08 AM 7383 C:\Program Files\Mozilla Firefox\defaults\autoconfig
8/17/2008 1:23:08 AM 36775 C:\Program Files\Mozilla Firefox\defaults\pref
8/17/2008 1:23:10 AM 9736 C:\Program Files\Mozilla Firefox\defaults\profile
8/17/2008 1:23:10 AM 1741 C:\Program Files\Mozilla Firefox\defaults\profile\chrome
8/17/2008 1:23:09 AM 612845 C:\Program Files\Mozilla Firefox\dictionaries
8/17/2008 1:23:07 AM 1390 C:\Program Files\Mozilla Firefox\extensions
8/17/2008 1:23:08 AM 1390 C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
8/17/2008 1:23:07 AM 76011 C:\Program Files\Mozilla Firefox\greprefs
8/17/2008 1:23:07 AM 185990 C:\Program Files\Mozilla Firefox\modules
8/17/2008 1:23:07 AM 90209 C:\Program Files\Mozilla Firefox\plugins
8/17/2008 1:23:07 AM 368828 C:\Program Files\Mozilla Firefox\res
8/17/2008 1:23:07 AM 72215 C:\Program Files\Mozilla Firefox\res\dtd
8/17/2008 1:23:07 AM 80646 C:\Program Files\Mozilla Firefox\res\entityTables
8/17/2008 1:23:07 AM 79512 C:\Program Files\Mozilla Firefox\res\fonts
8/17/2008 1:23:07 AM 619 C:\Program Files\Mozilla Firefox\res\html
8/17/2008 1:23:09 AM 11439 C:\Program Files\Mozilla Firefox\searchplugins
8/17/2008 1:23:06 AM 514453 C:\Program Files\Mozilla Firefox\uninstall
8/17/2008 3:52:32 PM 33475720 C:\Program Files\Zone Labs
8/17/2008 3:52:32 PM 33475720 C:\Program Files\Zone Labs\ZoneAlarm
8/17/2008 3:54:38 PM 1168845 C:\Program Files\Zone Labs\ZoneAlarm\Help
8/17/2008 3:52:53 PM 14551 C:\Program Files\Zone Labs\ZoneAlarm\images
8/17/2008 3:55:04 PM 15245730 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier
8/17/2008 3:55:10 PM 589534 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault
8/17/2008 3:55:10 PM 8251 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault\bfraud
8/17/2008 3:55:15 PM 97191 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault\challn
8/17/2008 3:55:10 PM 1749 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault\collab
8/17/2008 3:55:10 PM 477775 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault\common
8/17/2008 3:55:10 PM 1399 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\PluginDefault\fraud
8/17/2008 3:55:07 PM 5418224 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\plugins
8/17/2008 3:55:10 PM 4895584 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\resources
8/17/2008 3:52:32 PM 2153478 C:\Program Files\Zone Labs\ZoneAlarm\repair
8/17/2008 4:56:32 PM 575649 C:\Program Files\ZoneAlarmSB
8/17/2008 4:56:32 PM 575649 C:\Program Files\ZoneAlarmSB\bar
8/17/2008 4:56:32 PM 564894 C:\Program Files\ZoneAlarmSB\bar\1.bin
8/17/2008 4:56:54 PM 357 C:\Program Files\ZoneAlarmSB\bar\Cache
8/17/2008 4:56:54 PM 1024 C:\Program Files\ZoneAlarmSB\bar\History
8/17/2008 5:46:19 PM 9374 C:\Program Files\ZoneAlarmSB\bar\Settings

====== Files under "\System32\Drivers" Last 30 Days======

8/22/2008 6:53:34 PM 4255 0 C:\WINDOWS\system32\drivers\adv01nt5.dll
8/22/2008 6:53:34 PM 3967 0 C:\WINDOWS\system32\drivers\adv02nt5.dll
8/22/2008 6:53:34 PM 3615 0 C:\WINDOWS\system32\drivers\adv05nt5.dll
8/22/2008 6:53:34 PM 3647 0 C:\WINDOWS\system32\drivers\adv07nt5.dll
8/22/2008 6:53:34 PM 3135 0 C:\WINDOWS\system32\drivers\adv08nt5.dll
8/22/2008 6:53:34 PM 3711 0 C:\WINDOWS\system32\drivers\adv09nt5.dll
8/22/2008 6:53:34 PM 3775 0 C:\WINDOWS\system32\drivers\adv11nt5.dll
8/22/2008 6:53:45 PM 56623 0 C:\WINDOWS\system32\drivers\ati1btxx.sys
8/22/2008 6:53:45 PM 11615 0 C:\WINDOWS\system32\drivers\ati1mdxx.sys
8/22/2008 6:53:45 PM 12047 0 C:\WINDOWS\system32\drivers\ati1pdxx.sys
8/22/2008 6:53:45 PM 30671 0 C:\WINDOWS\system32\drivers\ati1raxx.sys
8/22/2008 6:53:45 PM 63663 0 C:\WINDOWS\system32\drivers\ati1rvxx.sys
8/22/2008 6:53:45 PM 26367 0 C:\WINDOWS\system32\drivers\ati1snxx.sys
8/22/2008 6:53:45 PM 21343 0 C:\WINDOWS\system32\drivers\ati1ttxx.sys
8/22/2008 6:53:45 PM 36463 0 C:\WINDOWS\system32\drivers\ati1tuxx.sys
8/22/2008 6:53:45 PM 29455 0 C:\WINDOWS\system32\drivers\ati1xbxx.sys
8/22/2008 6:53:45 PM 34735 0 C:\WINDOWS\system32\drivers\ati1xsxx.sys
8/22/2008 6:53:46 PM 327040 0 C:\WINDOWS\system32\drivers\ati2mtaa.sys
8/22/2008 6:53:46 PM 701440 0 C:\WINDOWS\system32\drivers\ati2mtag.sys
8/22/2008 6:53:47 PM 57856 0 C:\WINDOWS\system32\drivers\atinbtxx.sys
8/22/2008 6:53:47 PM 13824 0 C:\WINDOWS\system32\drivers\atinmdxx.sys
8/22/2008 6:53:48 PM 14336 0 C:\WINDOWS\system32\drivers\atinpdxx.sys
8/22/2008 6:53:48 PM 52224 0 C:\WINDOWS\system32\drivers\atinraxx.sys
8/22/2008 6:53:48 PM 104960 0 C:\WINDOWS\system32\drivers\atinrvxx.sys
8/22/2008 6:53:48 PM 28672 0 C:\WINDOWS\system32\drivers\atinsnxx.sys
8/22/2008 6:53:48 PM 13824 0 C:\WINDOWS\system32\drivers\atinttxx.sys
8/22/2008 6:53:48 PM 73216 0 C:\WINDOWS\system32\drivers\atintuxx.sys
8/22/2008 6:53:48 PM 31744 0 C:\WINDOWS\system32\drivers\atinxbxx.sys
8/22/2008 6:53:48 PM 63488 0 C:\WINDOWS\system32\drivers\atinxsxx.sys
8/22/2008 6:53:48 PM 64352 0 C:\WINDOWS\system32\drivers\ativmc20.cod
8/22/2008 6:53:49 PM 21183 0 C:\WINDOWS\system32\drivers\atv01nt5.dll
8/22/2008 6:53:49 PM 11359 0 C:\WINDOWS\system32\drivers\atv02nt5.dll
8/22/2008 6:53:49 PM 25471 0 C:\WINDOWS\system32\drivers\atv04nt5.dll
8/22/2008 6:53:49 PM 14143 0 C:\WINDOWS\system32\drivers\atv06nt5.dll
8/22/2008 6:53:49 PM 17279 0 C:\WINDOWS\system32\drivers\atv10nt5.dll
8/22/2008 6:53:52 PM 17024 0 C:\WINDOWS\system32\drivers\bthenum.sys
8/22/2008 6:53:52 PM 37888 0 C:\WINDOWS\system32\drivers\bthmodem.sys
8/22/2008 6:53:52 PM 101120 0 C:\WINDOWS\system32\drivers\bthpan.sys
8/22/2008 6:53:53 PM 36480 0 C:\WINDOWS\system32\drivers\bthprint.sys
8/22/2008 6:53:53 PM 18944 0 C:\WINDOWS\system32\drivers\bthusb.sys
8/22/2008 6:53:56 PM 15423 0 C:\WINDOWS\system32\drivers\ch7xxnt5.dll
8/22/2008 6:54:06 PM 129045 0 C:\WINDOWS\system32\drivers\cxthsfs2.cty
8/17/2008 5:15:10 PM 3559456 38 C:\WINDOWS\system32\drivers\fidbox.dat
8/17/2008 5:15:10 PM 26900 38 C:\WINDOWS\system32\drivers\fidbox.idx
8/22/2008 6:54:34 PM 46464 0 C:\WINDOWS\system32\drivers\gagp30kx.sys
8/22/2008 6:54:49 PM 25600 0 C:\WINDOWS\system32\drivers\hidbth.sys
8/22/2008 6:54:53 PM 220032 0 C:\WINDOWS\system32\drivers\hsfbs2s2.sys
8/22/2008 6:54:55 PM 685056 0 C:\WINDOWS\system32\drivers\hsfcxts2.sys
8/22/2008 6:54:56 PM 1041536 0 C:\WINDOWS\system32\drivers\hsfdpsp2.sys
8/17/2008 3:53:30 PM 127768 32 C:\WINDOWS\system32\drivers\klif.sys
8/24/2008 6:03:22 PM 17144 32 C:\WINDOWS\system32\drivers\mbam.sys
8/24/2008 6:03:21 PM 38472 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
8/22/2008 6:56:30 PM 126686 0 C:\WINDOWS\system32\drivers\mtlmnt5.sys
8/22/2008 6:56:30 PM 1309184 0 C:\WINDOWS\system32\drivers\mtlstrm.sys
8/22/2008 6:56:32 PM 452736 0 C:\WINDOWS\system32\drivers\mtxparhm.sys
8/22/2008 6:56:32 PM 12672 0 C:\WINDOWS\system32\drivers\mutohpen.sys
8/22/2008 6:56:36 PM 67866 0 C:\WINDOWS\system32\drivers\netwlan5.img
8/22/2008 6:56:42 PM 180360 0 C:\WINDOWS\system32\drivers\ntmtlfax.sys
8/22/2008 6:57:01 PM 13776 0 C:\WINDOWS\system32\drivers\recagent.sys
8/22/2008 6:57:03 PM 59136 0 C:\WINDOWS\system32\drivers\rfcomm.sys
8/22/2008 6:57:04 PM 30592 0 C:\WINDOWS\system32\drivers\rndismpx.sys
8/22/2008 6:57:06 PM 166912 0 C:\WINDOWS\system32\drivers\s3gnbm.sys
8/22/2008 6:57:11 PM 10240 0 C:\WINDOWS\system32\drivers\sffp_mmc.sys
8/22/2008 6:57:16 PM 3901 0 C:\WINDOWS\system32\drivers\siint5.dll
8/22/2008 6:57:17 PM 129535 0 C:\WINDOWS\system32\drivers\slnt7554.sys
8/22/2008 6:57:17 PM 404990 0 C:\WINDOWS\system32\drivers\slntamr.sys
8/22/2008 6:57:17 PM 95424 0 C:\WINDOWS\system32\drivers\slnthal.sys
8/22/2008 6:57:17 PM 13240 0 C:\WINDOWS\system32\drivers\slwdmsup.sys
8/22/2008 6:57:17 PM 5888 0 C:\WINDOWS\system32\drivers\smbali.sys
8/22/2008 6:57:38 PM 44672 0 C:\WINDOWS\system32\drivers\uagp35.sys
8/22/2008 6:57:43 PM 12800 0 C:\WINDOWS\system32\drivers\usb8023x.sys
8/22/2008 6:57:43 PM 121984 0 C:\WINDOWS\system32\drivers\usbvideo.sys
8/22/2008 6:57:46 PM 11325 0 C:\WINDOWS\system32\drivers\vchnt5.dll
8/22/2008 6:57:48 PM 14208 0 C:\WINDOWS\system32\drivers\wacompen.sys
8/22/2008 6:57:49 PM 11807 0 C:\WINDOWS\system32\drivers\wadv07nt.sys
8/22/2008 6:57:49 PM 11295 0 C:\WINDOWS\system32\drivers\wadv08nt.sys
8/22/2008 6:57:49 PM 11871 0 C:\WINDOWS\system32\drivers\wadv09nt.sys
8/22/2008 6:57:49 PM 11935 0 C:\WINDOWS\system32\drivers\wadv11nt.sys
8/22/2008 6:57:49 PM 22271 0 C:\WINDOWS\system32\drivers\watv06nt.sys
8/22/2008 6:57:49 PM 25471 0 C:\WINDOWS\system32\drivers\watv10nt.sys

====== Files under "\User\Local Settings\Temp" Last 30 Days======

7/26/2008 11:19:58 PM 59854 32 C:\Documents and Settings\Matthew\Local Settings\Temp\683FEC6.tmp
8/24/2008 10:43:38 AM 15543 32 C:\Documents and Settings\Matthew\Local Settings\Temp\6Y6K7FGS.dat
8/12/2008 7:00:12 PM 172 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC185F.tmp
7/30/2008 12:22:10 PM 146 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC198A.tmp
7/31/2008 8:05:33 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC19E.tmp
7/31/2008 8:07:01 PM 152 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1A2.tmp
7/31/2008 8:15:53 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B0.tmp
7/31/2008 8:21:43 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B1.tmp
7/31/2008 8:21:56 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B2.tmp
7/31/2008 8:22:00 PM 166 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B3.tmp
8/22/2008 9:47:22 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B4.tmp
8/22/2008 9:47:32 PM 142 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B5.tmp
7/31/2008 8:27:40 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B7.tmp
7/31/2008 8:27:49 PM 168 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1B8.tmp
7/31/2008 8:37:16 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1BF.tmp
7/31/2008 8:37:25 PM 146 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C0.tmp
8/23/2008 10:56:06 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C1.tmp
7/31/2008 8:46:44 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C2.tmp
7/31/2008 8:46:51 PM 156 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C3.tmp
8/23/2008 10:56:19 PM 160 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C4.tmp
8/23/2008 9:35:25 AM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C6.tmp
8/23/2008 9:35:33 AM 150 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C7.tmp
8/22/2008 10:12:59 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1C9.tmp
8/22/2008 10:13:07 PM 146 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1CC.tmp
8/23/2008 9:44:12 AM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1CD.tmp
8/23/2008 9:44:24 AM 158 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1CE.tmp
8/22/2008 10:23:15 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D1.tmp
8/22/2008 10:23:25 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D2.tmp
8/22/2008 10:23:50 PM 194 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D3.tmp
7/25/2008 12:20:27 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D51.tmp
7/25/2008 12:20:40 PM 222 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D52.tmp
7/25/2008 12:20:44 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D53.tmp
7/25/2008 12:20:47 PM 160 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1D54.tmp
8/1/2008 4:23:18 PM 156 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1DE.tmp
8/22/2008 10:28:58 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1FB.tmp
8/22/2008 10:29:22 PM 186 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1FC.tmp
8/23/2008 10:48:14 AM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC1FD.tmp
8/22/2008 10:38:04 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC201.tmp
8/22/2008 10:38:15 PM 162 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC202.tmp
8/23/2008 10:54:32 AM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC203.tmp
8/22/2008 10:48:35 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC20B.tmp
8/22/2008 10:48:42 PM 160 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC20C.tmp
8/22/2008 10:55:10 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC218.tmp
8/22/2008 10:55:19 PM 164 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC21B.tmp
8/22/2008 11:01:50 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC220.tmp
8/22/2008 11:01:58 PM 142 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC221.tmp
8/22/2008 11:09:22 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC226.tmp
8/22/2008 11:09:31 PM 164 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC228.tmp
8/22/2008 11:17:03 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC22B.tmp
8/22/2008 11:17:12 PM 154 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC22C.tmp
8/22/2008 11:18:59 PM 222 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC231.tmp
8/22/2008 11:19:08 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC232.tmp
8/22/2008 11:24:00 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC23E.tmp
8/22/2008 11:24:13 PM 156 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC23F.tmp
8/22/2008 11:28:39 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC243.tmp
8/22/2008 11:32:58 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC249.tmp
8/22/2008 11:33:09 PM 170 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC24A.tmp
8/22/2008 11:42:12 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC24D.tmp
8/22/2008 11:42:30 PM 200 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC251.tmp
8/22/2008 11:54:49 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC256.tmp
8/22/2008 11:55:04 PM 216 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC25C.tmp
8/24/2008 10:43:47 AM 154 32 C:\Documents and Settings\Matthew\Local Settings\Temp\AC289.tmp
8/13/2008 8:15:55 PM 6261 32 C:\Documents and Settings\Matthew\Local Settings\Temp\b7r7k725.dat
8/1/2008 4:11:14 PM 90 32 C:\Documents and Settings\Matthew\Local Settings\Temp\bw_right-1.gif
8/19/2008 5:00:05 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1434.tmp
8/19/2008 5:00:17 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1437.tmp
8/17/2008 5:38:55 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO153.tmp
8/21/2008 9:55:08 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO17A.tmp
8/21/2008 9:56:48 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO17C.tmp
8/17/2008 5:39:52 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO17D.tmp
8/19/2008 9:25:18 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO17D1.tmp
8/21/2008 10:07:36 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO17F.tmp
8/12/2008 7:51:43 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO18B2.tmp
8/12/2008 7:52:27 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO18BC.tmp
8/12/2008 7:53:43 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO18BD.tmp
7/30/2008 9:29:54 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO194D.tmp
7/30/2008 9:30:37 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO194E.tmp
7/30/2008 9:30:38 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO194F.tmp
8/7/2008 4:44:10 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO19DC.tmp
8/7/2008 4:44:16 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO19DD.tmp
8/22/2008 9:52:39 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1B6.tmp
8/22/2008 9:53:16 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1BC.tmp
8/22/2008 9:55:34 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1BD.tmp
7/25/2008 12:13:37 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1CB6.tmp
7/25/2008 12:13:38 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1CB7.tmp
7/25/2008 12:25:41 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1CC4.tmp
7/26/2008 4:13:04 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1DE.tmp
7/26/2008 4:13:31 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1E0.tmp
7/26/2008 4:14:32 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1E1.tmp
8/10/2008 10:47:28 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1F9.tmp
8/10/2008 10:48:28 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1FA.tmp
8/10/2008 10:50:02 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1FE.tmp
8/17/2008 11:01:34 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO1FF.tmp
8/17/2008 11:02:12 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO201.tmp
8/17/2008 11:03:53 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO20C.tmp
8/21/2008 8:38:17 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO258.tmp
8/21/2008 8:38:34 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO259.tmp
8/21/2008 8:40:38 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO25C.tmp
8/2/2008 9:41:34 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO2F0.tmp
8/2/2008 9:41:44 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO2F1.tmp
8/2/2008 9:43:04 AM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO2F2.tmp
8/14/2008 5:11:04 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO3D3.tmp
8/14/2008 5:50:38 PM 47122 32 C:\Documents and Settings\Matthew\Local Settings\Temp\DIO407.tmp
8/24/2008 2:11:52 PM 28700 34 C:\Documents and Settings\Matthew\Local Settings\Temp\etilqs_MBOn8h1XpD5T6srM83JA
8/22/2008 7:07:35 PM 382 32 C:\Documents and Settings\Matthew\Local Settings\Temp\HPZIDS.log
8/16/2008 10:22:38 PM 1994 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT208.xml
8/16/2008 10:22:38 PM 426 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT209.xml
8/16/2008 10:22:38 PM 707348 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT20A.xml
8/16/2008 10:22:46 PM 1994 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT21A.xml
8/16/2008 10:22:47 PM 426 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT21B.xml
8/16/2008 10:22:47 PM 707348 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT21C.xml
8/16/2008 10:24:50 PM 1994 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT220.xml
8/16/2008 10:24:50 PM 426 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT221.xml
8/16/2008 10:24:50 PM 707348 32 C:\Documents and Settings\Matthew\Local Settings\Temp\IMT222.xml
8/17/2008 12:29:09 AM 0 32 C:\Documents and Settings\Matthew\Local Settings\Temp\is2D3.tmp
8/23/2008 6:12:29 PM 2127 32 C:\Documents and Settings\Matthew\Local Settings\Temp\jar_cache52658.tmp
8/23/2008 6:12:30 PM 333 32 C:\Documents and Settings\Matthew\Local Settings\Temp\jar_cache52659.tmp
8/23/2008 6:12:38 PM 1129 32 C:\Documents and Settings\Matthew\Local Settings\Temp\jar_cache52660.tmp
8/13/2008 7:48:59 PM 0 32 C:\Documents and Settings\Matthew\Local Settings\Temp\JET7822.tmp
8/13/2008 7:49:00 PM 0 32 C:\Documents and Settings\Matthew\Local Settings\Temp\JET7AD1.tmp
7/25/2008 5:00:23 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR10A.tmp
7/25/2008 5:00:41 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR10D.tmp
7/31/2008 6:33:46 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR10E.tmp
7/31/2008 6:33:49 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR11F.tmp
7/31/2008 3:39:10 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR120.tmp
7/31/2008 3:39:12 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR125.tmp
8/1/2008 3:20:57 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR12A.tmp
8/1/2008 3:20:57 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR12B.tmp
8/4/2008 9:46:05 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR12C.tmp
8/4/2008 9:46:06 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR12F.tmp
8/9/2008 6:54:38 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR132.tmp
8/9/2008 6:54:39 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR133.tmp
8/13/2008 7:49:23 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR134.tmp
8/13/2008 7:49:24 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR135.tmp
8/14/2008 7:36:30 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR136.tmp
8/14/2008 7:36:30 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR137.tmp
8/16/2008 8:19:17 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR138.tmp
8/16/2008 8:19:22 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR13F.tmp
8/17/2008 9:03:16 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR140.tmp
8/18/2008 12:53:06 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR141.tmp
8/17/2008 9:03:17 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR148.tmp
8/17/2008 5:38:49 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR149.tmp
8/18/2008 12:53:08 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR14C.tmp
8/17/2008 5:38:50 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR14D.tmp
8/21/2008 7:23:37 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR14E.tmp
8/20/2008 10:36:26 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR14F.tmp
8/21/2008 7:23:38 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR150.tmp
8/20/2008 10:36:28 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR153.tmp
8/4/2008 1:47:42 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR154.tmp
8/4/2008 1:47:42 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR155.tmp
8/21/2008 9:26:08 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR156.tmp
8/21/2008 9:26:08 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR157.tmp
8/22/2008 7:00:13 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR158.tmp
8/22/2008 7:00:18 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR159.tmp
8/22/2008 2:00:15 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR166.tmp
8/22/2008 2:00:16 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR167.tmp
8/22/2008 5:13:32 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16A.tmp
8/22/2008 5:13:33 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16B.tmp
8/22/2008 8:21:50 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16C.tmp
8/22/2008 8:21:51 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16D.tmp
8/23/2008 8:29:14 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16E.tmp
8/23/2008 8:29:15 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR16F.tmp
8/23/2008 10:13:22 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR170.tmp
8/23/2008 10:13:23 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR171.tmp
8/4/2008 3:56:10 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR180.tmp
8/12/2008 5:44:03 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR180D.tmp
8/12/2008 5:44:04 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR180E.tmp
8/4/2008 3:56:11 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR181.tmp
8/12/2008 9:44:17 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR18CA.tmp
8/12/2008 9:44:17 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR18CB.tmp
8/7/2008 4:08:28 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR19BF.tmp
8/7/2008 4:08:29 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR19C0.tmp
8/4/2008 11:17:56 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR1B7.tmp
8/4/2008 11:17:56 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR1B8.tmp
7/25/2008 12:02:45 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR1D25.tmp
7/25/2008 12:02:46 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR1D26.tmp
8/1/2008 6:56:13 AM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR22C.tmp
8/1/2008 6:56:14 AM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR22D.tmp
8/20/2008 8:22:17 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR29A3.tmp
8/20/2008 8:22:18 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR29A4.tmp
8/14/2008 4:32:59 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR373.tmp
8/14/2008 4:33:00 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR374.tmp
7/28/2008 3:20:56 PM 1342 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR3AB.tmp
7/28/2008 3:20:56 PM 1285 32 C:\Documents and Settings\Matthew\Local Settings\Temp\MAR3AD.tmp
8/22/2008 7:41:01 PM 1560 32 C:\Documents and Settings\Matthew\Local Settings\Temp\NetFxUpdate_v1.0.3705.log
8/13/2008 7:49:16 PM 11622412 0 C:\Documents and Settings\Matthew\Local Settings\Temp\om2107.tmp
8/9/2008 6:55:11 PM 0 32 C:\Documents and Settings\Matthew\Local Settings\Temp\PatchByFile.tmp
8/9/2008 7:27:55 PM 2064 32 C:\Documents and Settings\Matthew\Local Settings\Temp\Silverlight0.log
8/9/2008 7:27:59 PM 427520 32 C:\Documents and Settings\Matthew\Local Settings\Temp\SilverlightMSI.log
7/31/2008 6:35:01 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS126.tmp
7/31/2008 3:39:54 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS129.tmp
8/13/2008 7:49:53 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS138.tmp
8/4/2008 9:46:31 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS13B.tmp
8/14/2008 7:36:50 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS13C.tmp
8/16/2008 8:20:10 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS146.tmp
8/4/2008 1:48:22 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS15B.tmp
8/22/2008 7:01:39 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS161.tmp
8/22/2008 5:13:53 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS16E.tmp
8/20/2008 10:37:06 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS171.tmp
8/23/2008 10:14:02 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS174.tmp
8/17/2008 7:06:34 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS181.tmp
8/21/2008 10:08:06 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS183.tmp
8/22/2008 2:00:36 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS186.tmp
8/4/2008 3:57:13 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS187.tmp
8/12/2008 7:51:51 PM 113 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS18B3.tmp
8/12/2008 9:45:00 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS18CF.tmp
8/19/2008 11:13:48 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1944.tmp
7/30/2008 10:10:22 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1961.tmp
8/7/2008 4:44:46 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS19DE.tmp
8/23/2008 8:30:28 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1A8.tmp
8/4/2008 11:18:57 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1BE.tmp
7/25/2008 12:38:50 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1CC5.tmp
7/25/2008 12:03:46 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1D33.tmp
8/17/2008 11:01:02 AM 113 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1FC.tmp
7/26/2008 6:50:21 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS1FE.tmp
8/22/2008 11:08:35 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS225.tmp
8/1/2008 6:57:14 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS234.tmp
8/21/2008 8:42:15 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS25E.tmp
8/10/2008 11:12:01 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS27D.tmp
8/20/2008 8:23:55 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS29A9.tmp
8/2/2008 9:51:38 AM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS2F4.tmp
8/14/2008 5:51:09 PM 100 32 C:\Documents and Settings\Matthew\Local Settings\Temp\STS409.tmp
8/11/2008 2:08:14 AM 1516 32 C:\Documents and Settings\Matthew\Local Settings\Temp\wmplog04.sqm
8/12/2008 7:00:47 PM 1452 32 C:\Documents and Settings\Matthew\Local Settings\Temp\wmplog05.sqm
8/12/2008 7:01:23 PM 1452 32 C:\Documents and Settings\Matthew\Local Settings\Temp\wmplog06.sqm
8/18/2008 7:48:42 PM 1452 32 C:\Documents and Settings\Matthew\Local Settings\Temp\wmplog07.sqm
8/22/2008 7:41:00 PM 2586 32 C:\Documents and Settings\Matthew\Local Settings\Temp\_NDP_OCM_SetRegNI.log
8/22/2008 7:43:52 PM 8681 32 C:\Documents and Settings\Matthew\Local Settings\Temp\_NDP_OCM_ToGAC.log
8/13/2008 7:48:57 PM 931 32 C:\Documents and Settings\Matthew\Local Settings\Temp\_tf82.tmp
8/13/2008 11:38:17 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF115E.tmp
8/13/2008 8:28:32 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1264.tmp
8/14/2008 12:10:00 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1282.tmp
8/13/2008 11:43:42 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1347.tmp
8/13/2008 9:48:39 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF13AA.tmp
8/13/2008 11:30:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF13E6.tmp
8/13/2008 8:57:09 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1453.tmp
8/13/2008 9:04:42 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF14A4.tmp
8/13/2008 8:35:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF14E6.tmp
8/13/2008 9:58:02 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF15E4.tmp
8/6/2008 7:35:02 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF169F.tmp
8/13/2008 11:35:53 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF17B9.tmp
8/13/2008 11:31:57 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF17D8.tmp
8/13/2008 8:53:22 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1AD6.tmp
8/13/2008 10:00:48 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1C0F.tmp
8/13/2008 9:29:12 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1C3A.tmp
8/13/2008 9:49:35 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1CA.tmp
8/13/2008 10:53:34 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1CA9.tmp
8/13/2008 11:39:46 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1D13.tmp
8/13/2008 8:59:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1E3.tmp
8/13/2008 10:52:04 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1F88.tmp
8/13/2008 11:14:21 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1FD.tmp
8/13/2008 10:23:26 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF1FE6.tmp
8/13/2008 11:45:12 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2272.tmp
8/13/2008 11:15:53 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2314.tmp
8/13/2008 11:18:19 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2329.tmp
8/13/2008 9:00:56 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF23F3.tmp
8/13/2008 10:18:01 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2483.tmp
8/13/2008 8:50:17 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2548.tmp
8/13/2008 11:26:33 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF256C.tmp
8/13/2008 10:55:49 PM 512 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF25AE.tmp
8/13/2008 10:16:31 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2626.tmp
8/22/2008 5:19:12 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF26AC.tmp
8/13/2008 11:19:49 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF26E4.tmp
8/13/2008 7:59:21 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2849.tmp
8/14/2008 12:04:26 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF285.tmp
8/13/2008 11:46:43 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2898.tmp
8/13/2008 11:48:13 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF289C.tmp
8/13/2008 8:46:24 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2940.tmp
8/13/2008 10:19:31 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2958.tmp
8/13/2008 10:21:01 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2CDF.tmp
8/13/2008 8:17:42 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2E79.tmp
8/13/2008 8:52:34 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2F01.tmp
8/13/2008 11:41:18 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2FE1.tmp
8/13/2008 9:26:56 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF2FF2.tmp
8/13/2008 10:14:06 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3.tmp
8/13/2008 11:37:23 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3004.tmp
8/13/2008 10:32:02 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3030.tmp
8/13/2008 9:17:10 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF30B4.tmp
8/13/2008 11:42:48 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF342E.tmp
8/13/2008 8:38:51 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF354F.tmp
8/13/2008 8:36:57 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF35A5.tmp
8/13/2008 9:51:05 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF36.tmp
8/13/2008 9:23:40 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF364E.tmp
8/24/2008 6:04:05 PM 311296 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3683.tmp
8/13/2008 10:26:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF36A9.tmp
8/13/2008 8:23:50 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF36D8.tmp
8/13/2008 9:02:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3719.tmp
8/13/2008 11:09:03 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3820.tmp
8/13/2008 9:52:35 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF383.tmp
8/13/2008 11:07:33 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF383F.tmp
8/13/2008 10:24:58 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3886.tmp
8/13/2008 11:21:20 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3906.tmp
8/13/2008 9:43:18 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF398D.tmp
8/13/2008 9:37:02 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3A3F.tmp
8/13/2008 8:44:07 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3B28.tmp
8/13/2008 9:59:33 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3B76.tmp
8/13/2008 9:20:16 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3B8.tmp
8/13/2008 9:47:07 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3EA.tmp
8/14/2008 12:00:35 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3EAD.tmp
8/13/2008 10:56:44 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3FD4.tmp
8/13/2008 11:49:41 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4039.tmp
8/13/2008 11:58:08 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF40B4.tmp
8/13/2008 8:18:53 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4133.tmp
8/13/2008 9:30:46 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4171.tmp
8/13/2008 8:34:41 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF420C.tmp
8/13/2008 8:30:03 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4217.tmp
8/13/2008 9:10:00 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4289.tmp
8/13/2008 9:42:33 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF446C.tmp
8/13/2008 10:15:37 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4576.tmp
8/17/2008 12:17:19 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4587.tmp
8/13/2008 8:21:57 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF46EB.tmp
8/13/2008 11:55:06 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4742.tmp
8/13/2008 10:58:14 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4893.tmp
8/13/2008 10:06:18 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4940.tmp
8/13/2008 9:10:45 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4955.tmp
8/13/2008 8:37:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF496B.tmp
8/13/2008 8:54:52 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF49B6.tmp
8/13/2008 11:51:12 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4A97.tmp
8/13/2008 9:21:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4B1B.tmp
8/13/2008 11:00:43 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4D6E.tmp
8/21/2008 10:34:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4DBB.tmp
8/13/2008 10:33:26 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4E91.tmp
8/13/2008 10:38:55 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4E9C.tmp
8/13/2008 10:44:20 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4EB8.tmp
8/13/2008 9:44:49 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF4EF8.tmp
8/13/2008 9:19:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5058.tmp
8/13/2008 8:58:40 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF505D.tmp
8/13/2008 8:20:03 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF50D4.tmp
8/13/2008 11:27:27 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF51E.tmp
8/14/2008 12:02:07 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF529E.tmp
8/13/2008 10:45:50 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF52A4.tmp
8/13/2008 11:52:42 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF52AF.tmp
8/13/2008 10:02:23 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF53B6.tmp
8/13/2008 9:06:12 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF55D0.tmp
8/13/2008 9:56:30 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF56.tmp
8/13/2008 8:41:50 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5641.tmp
8/13/2008 8:47:57 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5723.tmp
8/13/2008 11:22:46 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5793.tmp
8/13/2008 11:10:35 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF586D.tmp
7/26/2008 6:50:55 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5968.tmp
8/13/2008 10:28:15 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5971.tmp
8/13/2008 9:41:48 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF597D.tmp
8/13/2008 10:59:46 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5C44.tmp
8/13/2008 10:07:52 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5D78.tmp
8/13/2008 9:09:14 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5ECC.tmp
8/13/2008 10:29:44 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5F56.tmp
8/13/2008 8:21:13 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5F61.tmp
8/13/2008 9:33:13 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF5FA0.tmp
8/13/2008 10:47:21 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF64DA.tmp
8/13/2008 8:32:30 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6570.tmp
8/13/2008 8:25:21 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6574.tmp
8/13/2008 11:03:02 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF659.tmp
8/13/2008 9:03:57 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF65DA.tmp
8/14/2008 12:06:05 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF65FD.tmp
8/13/2008 10:09:22 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6619.tmp
8/13/2008 11:24:16 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF66C5.tmp
8/13/2008 10:03:54 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6744.tmp
8/13/2008 10:40:25 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF67A1.tmp
8/13/2008 11:13:34 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF680D.tmp
8/13/2008 11:12:04 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6852.tmp
8/13/2008 10:41:55 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6A6D.tmp
8/13/2008 9:46:19 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6B3D.tmp
8/13/2008 10:11:49 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6B77.tmp
8/13/2008 10:36:31 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6B92.tmp
8/13/2008 11:34:21 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6C3.tmp
8/13/2008 10:35:00 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF6E40.tmp
8/13/2008 8:16:30 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF704.tmp
8/18/2008 5:36:26 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF718C.tmp
8/1/2008 7:56:33 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF727.tmp
8/14/2008 12:07:39 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF728A.tmp
8/13/2008 10:13:19 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF73B5.tmp
8/13/2008 11:02:16 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF74AE.tmp
8/16/2008 2:53:23 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7689.tmp
8/13/2008 10:54:29 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF772.tmp
8/13/2008 11:25:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF774D.tmp
8/13/2008 8:31:35 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7767.tmp
8/13/2008 9:54:05 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF779.tmp
8/13/2008 9:16:24 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF779D.tmp
8/13/2008 9:13:56 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7895.tmp
8/14/2008 12:03:41 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7A16.tmp
8/13/2008 9:34:44 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7C49.tmp
8/13/2008 8:51:48 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7CAB.tmp
8/13/2008 9:55:45 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7DA5.tmp
8/13/2008 11:33:36 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7E5B.tmp
8/13/2008 9:51:50 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7EE3.tmp
8/13/2008 9:57:15 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF7FB1.tmp
8/13/2008 8:45:38 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF804B.tmp
8/14/2008 12:09:13 AM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8105.tmp
8/13/2008 9:53:20 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF820F.tmp
8/13/2008 8:56:24 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF842B.tmp
8/13/2008 9:50:20 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8478.tmp
8/13/2008 8:48:46 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF864.tmp
8/13/2008 11:03:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF867F.tmp
8/13/2008 11:35:06 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF869B.tmp
8/13/2008 9:35:29 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF86F.tmp
8/13/2008 9:40:08 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8708.tmp
8/13/2008 8:27:47 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8721.tmp
8/13/2008 8:33:55 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF877E.tmp
7/28/2008 7:19:04 PM 16384 32 C:\Documents and Settings\Matthew\Local Settings\Temp\~DF883B.tmp

====== Files and Folders under "All Users\Application Data" Last 30 Days======

8/17/2008 3:55:17 PM 0 C:\Documents and Settings\All Users\Application Data\MailFrontier
8/24/2008 6:03:20 PM 1001531 C:\Documents and Settings\All Users\Application Data\Malwarebytes
8/24/2008 6:03:20 PM 1001531 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B4CEB816-A720-423A-82F2-63553142634D}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
ZoneAlarm Spy Blocker BHO

====== Services ( Services that are Whitelisted are not shown) ======

Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - Auto

DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe" - Manual

Media Center Receiver Service (ehRecvr) C:\WINDOWS\eHome\ehRecvr.exe - Auto

Media Center Scheduler Service (ehSched) C:\WINDOWS\eHome\ehSched.exe - Auto

MHN (MHN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe - Auto

Trend Micro Central Control Component (PcCtlCom) C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe - Auto

RegSrvc (RegSrvc) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - Auto

SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter - Auto

Trend Micro Real-time Service (Tmntsrv) C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe - Auto

Trend Micro Personal Firewall (TmPfw) C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe - Auto

Trend Micro Proxy Service (tmproxy) C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe - Auto

Viewpoint Manager Service (Viewpoint Manager Service) "C:\Program Files\Viewpoint\Common\ViewpointService.exe" - Auto

WLANKEEPER (WLANKEEPER) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe - Auto


====== Running Processes ======

System Idle Process [0]
System [4]
smss.exe [864] \SystemRoot\System32\smss.exe
csrss.exe [1540]
winlogon.exe [1564] winlogon.exe
services.exe [1608] C:\WINDOWS\system32\services.exe
lsass.exe [1620] C:\WINDOWS\system32\lsass.exe
svchost.exe [1860] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [1928]
svchost.exe [276] C:\WINDOWS\System32\svchost.exe -k netsvcs
EvtEng.exe [312] "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
S24EvMon.exe [388] "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
WLKEEPER.exe [460] "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe"
svchost.exe [592]
svchost.exe [920]
vsmon.exe [1240] C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
spoolsv.exe [788] C:\WINDOWS\system32\spoolsv.exe
scardsvr.exe [780]
AppleMobileDeviceService.exe [1152] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
mDNSResponder.exe [1168] "C:\Program Files\Bonjour\mDNSResponder.exe"
ehrecvr.exe [952] C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe [140] C:\WINDOWS\eHome\ehSched.exe
MDM.EXE [148] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NicConfigSvc.exe [528] "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe"
PcCtlCom.exe [712] C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
RegSrvc.exe [1236] "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
sprtsvc.exe [1396] "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /p dellsupportcenter
svchost.exe [1420]
svchost.exe [1432] C:\WINDOWS\system32\svchost.exe -k imgsvc
Tmntsrv.exe [1372] c:\progra~1\trendm~1\intern~2\tmntsrv.exe
tmproxy.exe [376] C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
mcrdsvc.exe [1272]
ZCfgSvc.exe [2888] "C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe"
explorer.exe [3268] C:\WINDOWS\Explorer.EXE
1XConfig.exe [3740] C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -Embedding
ehtray.exe [3832] "C:\WINDOWS\ehome\ehtray.exe"
hkcmd.exe [4016] "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe [4044] "C:\WINDOWS\system32\igfxpers.exe"
SynTPEnh.exe [3376] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
igfxsrvc.exe [1364] C:\WINDOWS\system32\igfxsrvc.exe -Embedding
iFrmewrk.exe [1692] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
stsystra.exe [1768] "C:\WINDOWS\stsystra.exe"
DMXLauncher.exe [1880] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
quickset.exe [2052] "C:\Program Files\Dell\QuickSet\quickset.exe"
issch.exe [2100] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DLACTRLW.EXE [2128] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
jusched.exe [2212] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
hpwuSchd2.exe [2272] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
pccguide.exe [3960] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
realsched.exe [2644] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
sprtcmd.exe [2660] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
iTunesHelper.exe [3152] "C:\Program Files\iTunes\iTunesHelper.exe"
zlclient.exe [3220] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
DSAgnt.exe [3424] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
TMAS_OEMon.exe [3456] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
wmiprvse.exe [3472]
ctfmon.exe [2520] "C:\WINDOWS\system32\ctfmon.exe"
DLG.exe [1584] "C:\Program Files\Digital Line Detect\DLG.exe"
hpqtra08.exe [3984] "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
SentrilockCardUtility.exe [1024] "C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe"
ehmsas.exe [3132] C:\WINDOWS\eHome\ehmsas.exe -Embedding
iPodService.exe [3912] "C:\Program Files\iPod\bin\iPodService.exe"
dllhost.exe [3620] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
dllhost.exe [3656] C:\WINDOWS\system32\DllHost.exe /Processid:{BAA8FB92-D1E7-4181-B0EE-94DA3329F7C0}
hpqste08.exe [3324] "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F300 series#1167059280" -Startup
jucheck.exe [500] "C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe" -auto
ISUSPM.exe [2388] "c:\program files\common files\installshield\updateservice\isuspm.exe" /scheduler
agent.exe [2792] "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
firefox.exe [304] "C:\Program Files\Mozilla Firefox\firefox.exe"
mbam.exe [268] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
notepad.exe [1464] "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Matthew\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-08-24-2008 (21-02-29).txt
wscript.exe [1220] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Matthew\Desktop\FileLister\FileLister.vbe"
wmiprvse.exe [3508]

====== Uninstall List From Registry ======

OTOY
SCRABBLE
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AIM 6
Arthur's Preschool
Otto
Brownstone Equation Editor 5
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Game Console
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
ESPNMotion
Free DVD Decrypter version 1.3
Free Mp3 Wma Converter V 1.6.3
Free YouTube to iPod Converter version 3.1
Freecorder Toolbar
Freecorder Toolbar 3.0 Application
Freecorder Toolbar 3.01 Application
Freecorder Toolbar 3.02 Application
HijackThis 2.0.2
HP Imaging Device Functions 7.0
HP Solution Center 7.0
HP Customer Participation Program 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Chutes and Ladders
High Definition Audio Driver Package - KB835221
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Player 10 Hotfix - KB895316
Update Rollup 2 for Windows XP Media Center Edition 2005
Hotfix for Windows Media Player 10 (KB903157)
Windows XP Media Center Edition 2005 KB908246
Update for Windows Media Player 10 (KB910393)
Security Update for Windows Media Player 10 (KB911565)
Update for Windows Media Player 10 (KB913800)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Windows XP Media Center Edition 2005 KB925766
Update for Windows Media Player 10 (KB926251)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.1)
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Microsoft National Language Support Downlevel APIs
NoteBurner 2.14
OboeIE 1.5
P2P Energy Toolbar
Picasa 2
Points Calculator (remove only)
Prism
Intel(R) PROSet/Wireless Software
RealPlayer
RegistryFix v5.5
Replay Media Catcher
Sentrilock Card Utility
Learn2 Player (Uninstall Only)
Synaptics Pointing Device Driver
Trend Micro PC-cillin Internet Security 14
Tutor
Typing Tutor 10
Uninstall 1.0.0.1
WebCyberCoach 3.2 Dell
West Point Bridge Designer 2007
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
whomadewho Screen Saver
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XoftSpySE
ZipForm Desktop
ZoneAlarm
ZoneAlarm Spy Blocker
Apple Software Update
F300
mSSO
Ultimate Image Recovery
Roxio RecordNow Data
QuickTime
mLogView
Microsoft Plus! Photo Story 2 LE
Roxio DLA
Google Earth
Internal Network Card Power Management
Roxio MyDVD Plus
Rhapsody Player Engine
Google Toolbar for Internet Explorer
HPPhotoSmartExpress
mProSafe
Scrabble 2
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Windows Media Player 10
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Virtual Earth 3D (Beta)
OverDrive Media Console
iTunes
mIWA
NetWaiting
Dell CinePlayer
BufferChm
ELIcon
Bonjour
Apple Mobile Device Support
mHlpDell
HPProductAssistant
MREP Custom Review Builder
FreeRIP v3.081
Dell Driver Reset Tool
Sonic Activation Module
MP3 Player Utilities 3.68
AOLIcon
WebReg
eSupportQFolder
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
AiOSoftwareNPI
Toolbox
HP Photosmart Essential
mCore
Microsoft Plus! Digital Media Edition Installer
CustomerResearchQFolder
mIWCA
Java 2 Runtime Environment, SE v1.4.2_03
MSXML 4.0 SP2 Parser and SDK
EarthLink setup files
Microsoft Visual C++ 2005 Redistributable
Readme
Dell System Restore
MP3 Player Utilities 4.00
Get High Speed Internet!
ProductContextNPI
DellSupport
Modem Helper
Status
Form Viewer
Microsoft Silverlight
Intel(R) Graphics Media Accelerator Driver for Mobile
Corel Photo Album 6
mPfMgr
MP3 Player Utilities 4.13
URGE
Microsoft Office FrontPage 2003
mPfWiz
Microsoft Office Professional Edition 2003
mZConfig
SCR33xx USB Smartcard Reader
Sonic Encoders
ScannerCopy
mXML
DeviceManagementQFolder
Roxio RecordNow Audio
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Documentation & Support Launcher
Roxio RecordNow Copy
Microsoft .NET Framework 2.0 Service Pack 1
Games, Music, & Photos Launcher
HP Software Update
HP Photosmart, Officejet and Deskjet 7.0.A
MSXML 4.0 SP2 (KB936181)
QuickSet
SolutionCenter
AiO_Scan_CDA
Safari
mToolkit
Microsoft .NET Framework 1.1
Napster for Windows Media Player
TrayApp
Google Toolbar for Internet Explorer
MarketResearch
Dell Support Center
F300_Help
Digital Line Detect
eNeighborhoods ()
Musicmatch for Windows Media Player
Trend Micro PC-cillin Internet Security 14
mMHouse
InstantShareDevicesMFC
Scan
Fax_CDA
mDrWiFi
Destinations
NewCopy_CDA
mWlsSafe

======== Other Info ========

TOTAL PHYSICAL RAM: 1065 MB



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:32 PM, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.ci.carmel.in.us/control/MgAxCtrl.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://www.totsites.com/admin/includes/ ... oader4.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13601 bytes
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by Carolyn » August 25th, 2008, 8:11 am

Hello,

Download FileFind by Atribune.
  • Double click on FileFind.exe to open the programme.
  • Enter iexplore.exe into the File: box.
  • Click on the Search button.
  • After a while a list of file locations will appear in the List of Files: box.
  • Click on the Export button.

This will create a Notepad file named Export.txt located in the C:\ folder. Please copy and paste it into your next post.


Next, please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Please post the following:
  1. The contents of Export.txt
  2. The Kaspersky log
  3. A fresh HijackThis log
  4. A description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by minman » August 25th, 2008, 11:24 pm

Carolyn---thanks for all the help so far. I followed your instructions. My computer is working fine right now--although there do seem to be infected files. A couple of days ago, the iexplore.exe just stopped trying to run every few seconds.

FileFind results:

C:\Program Files\Internet Explorer\iexplore.exe - 625664 Bytes
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe - 93184 Bytes
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\iexplore.exe - 93184 Bytes
C:\WINDOWS\system32\dllcache\iexplore.exe - 625664 Bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 15:15:15
Records in database: 1144482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 163122
Threat name: 5
Infected objects: 5
Suspicious objects: 1
Duration of the scan: 03:23:51


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Documents\MP3 Player Utilities 4.00\MSI.CAB Infected: not-a-virus:RiskTool.Win32.Deleter.e 1
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-20b33256 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-6781e3d5-1c3e050c.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IHWXYD6V\WIN%209,0,115,0swf[1].htm Infected: Exploit.SWF.Downloader.c 1
C:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe Infected: not-a-virus:RiskTool.Win32.Deleter.e 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03 PM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OL\TMAS_OL.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.ci.carmel.in.us/control/MgAxCtrl.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://www.totsites.com/admin/includes/ ... oader4.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13794 bytes
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by Carolyn » August 27th, 2008, 6:26 am

Hello,

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code:
C:\Documents and Settings\All Users\Documents\MP3 Player Utilities 4.00\MSI.CAB
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-20b33256
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-6781e3d5-1c3e050c.class
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IHWXYD6V\WIN%209,0,115,0swf[1].htm


Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.

Image

The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.

-------------------------------------------------------

Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use the Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

-------------------------------------------------------

Please go to the Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) the Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

-------------------------------------------------------

Please post the following:
  1. The OTMoveIt2 log
  2. The Eset log
  3. A fresh HijackThis log
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by minman » August 27th, 2008, 7:28 pm

C:\Documents and Settings\All Users\Documents\MP3 Player Utilities 4.00\MSI.CAB moved successfully.
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-20b33256 moved successfully.
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-6781e3d5-1c3e050c.class moved successfully.
< C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IHWXYD6V\WIN%209,0,115,0swf[1].htm >
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IHWXYD6V\WIN%209,0,115,0swf[1].htm moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_154418



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3393 (20080827)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9e8908cc525f32479b13e94c679a7d7e
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-27 11:07:43
# local_time=2008-08-27 07:07:43 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=526231
# found=10
# scan_time=10867
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-4f6ab2f7 Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-6e1089eb a variant of Java/TrojanDownloader.OpenStream.NAD trojan EB4E16950434732244EFE1BB8161F92E
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-6e1089eb »ZIP »Java2SE.class a variant of Java/TrojanDownloader.OpenStream.NAD trojan 00000000000000000000000000000000
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-25a3706f Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\40\2fe55068-2914aa09 Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-1cb9b48a Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Bailey\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application 9A7EF09167A6F4433681B94351509043
C:\_OTMoveIt\MovedFiles\08272008_154418\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-20b33256 Java/TrojanDownloader.OpenStream.NAB trojan CEC0DD504B18CCC2D97A22CECE9C96E7
C:\_OTMoveIt\MovedFiles\08272008_154418\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-20b33256 »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\08272008_154418\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IHWXYD6V\WIN%209,0,115,0swf[1].htm SWF/Exploit.CVE-2007-0071 trojan 7F82AEEF08395812F00BF6BF0B5201AB


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:14 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OL\TMAS_OL.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.ci.carmel.in.us/control/MgAxCtrl.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://www.totsites.com/admin/includes/ ... oader4.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14024 bytes
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am

Re: New to the forum--I have a virus disguised as iexplore.exe

Unread postby Carolyn » August 29th, 2008, 4:43 pm

Hello,

I apologize for not replying sooner. It's been a crazy week.
----------------------------------------

The following HijackThis entries may indicate that you are using more than one firewall:

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe


Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall can provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources. I strongly suggest that you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one firewall.

----------------------------------------

Registry Cleaners

I notice the presence of Uniblue Registry Booster Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------

Next, double-click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-4f6ab2f7
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-6e1089eb
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-25a3706f
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\40\2fe55068-2914aa09
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-1cb9b48a
C:\Documents and Settings\Bailey\Local Settings\Temp\removalfile.bat


Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.


The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.

----------------------------------------

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

----------------------------------------

Please post a fresh HijackThis log and a description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
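
The checks made by eye in the reply above (two software firewalls running at once; entries with an empty value or a missing target file) can also be run over a saved HijackThis log. This is an added example, not part of the original posts or of HijackThis itself: the function names are hypothetical, the sample log is a constructed subset of the 8/27/2008 log in this thread, and what it flags are candidates for a human to review, not a verdict.

```python
import ntpath
import re

# Constructed sample: a trimmed subset of lines from the 8/27/2008 log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:14 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Sideload.BHO - {B4CEB816-A720-423A-82F2-63553142634D} - mscoree.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14024 bytes
"""

# Process image names that the reply above ties to a software firewall.
FIREWALL_IMAGES = {
    "zlclient.exe": "ZoneAlarm",
    "tmpfw.exe": "Trend Micro Personal Firewall",
}

# Coded entries look like "O2 - ...", "R0 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Split a HijackThis v2 log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def firewalls_running(processes):
    """Return the distinct firewall products whose processes are running."""
    images = {ntpath.basename(path).lower() for path in processes}
    return sorted({FIREWALL_IMAGES[i] for i in images if i in FIREWALL_IMAGES})


def review_candidates(entries):
    """Flag entries with an empty registry value or an absent target file."""
    flagged = []
    for code, body in entries:
        line = f"{code} - {body}"
        if code.startswith("R") and body.rstrip().endswith("="):
            flagged.append(("empty value", line))
        elif body.endswith("(file missing)") or body.endswith("(no file)"):
            flagged.append(("target file absent", line))
    return flagged


def removed_entries(before, after):
    """Entries present in the first parsed log but gone from the second."""
    kept = set(after["entries"])
    return [entry for entry in before["entries"] if entry not in kept]


if __name__ == "__main__":
    log = parse_hijackthis(SAMPLE_LOG)
    found = firewalls_running(log["processes"])
    if len(found) > 1:
        print("More than one firewall running:", ", ".join(found))
    for reason, line in review_candidates(log["entries"]):
        print(f"[{reason}] {line}")
```

Running `removed_entries` on the logs taken before and after "Fix Checked" confirms which entries actually went away.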

Re: New to the forum--I have a virus disguised as iexplore.exe

Unread postby minman » August 29th, 2008, 5:54 pm

C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-4f6ab2f7 moved successfully.
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-6e1089eb moved successfully.
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-25a3706f moved successfully.
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\40\2fe55068-2914aa09 moved successfully.
C:\Documents and Settings\Bailey\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-1cb9b48a moved successfully.
C:\Documents and Settings\Bailey\Local Settings\Temp\removalfile.bat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_174433




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:47 PM, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.ci.carmel.in.us/control/MgAxCtrl.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://www.totsites.com/admin/includes/ ... oader4.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13488 bytes


Carolyn,
I downloaded the Uniblue Registry Cleaner by mistake a couple of days ago. I didn't use it, though. I also disabled one of the firewalls. Log files are attached. The computer seems to be running OK. Could sideload have been the source of my problems? If so, I'll make sure my son stops using it. Thanks.

Matt
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am
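
An added example, not part of the original posts and not HijackThis's own code: the O23 service lines in the log above follow a fixed "name - owner - path" layout, so entries reported as "Unknown owner" or "(file missing)" can be pulled out for manual review. The function names are hypothetical, the four sample lines are copied from that log, and a flag is a prompt to look closer, not a verdict.

```python
import re

# Four O23 lines copied from the HijackThis log above, used as sample input.
SAMPLE_LOG = r"""O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# name is greedy so a " - " inside the display name stays with the name;
# the path must start with a drive letter; "(file missing)" is optional.
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not O23."""
    m = O23.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "owner": m["owner"],
            "path": m["path"], "missing": m["missing"] is not None}

def triage(log_text):
    """List (name, path, reasons) for services that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        if svc["missing"]:
            reasons.append("file missing")
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)} ({path})")
```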

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by Carolyn » August 30th, 2008, 3:02 pm

Hi Matt,

I don't think the problem was related to sideload. I suspect the strange iexplore.exe behavior was caused by having more than one Firewall.


Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!


This is my general post for when your logs show no more signs of malware ;) - Please let me know if you are still having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!

Please delete FileFind.exe and FileLister.exe from your computer.


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

CleanUp! with OTMoveIt2
  • Double click OTMoveIt2.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished, exit out of OTMoveIt.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck Turn off System Restore.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis.


  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Continue to use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
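
An added example, not part of the original post and not SpywareBlaster's code: a kill bit, as mentioned under SpywareBlaster above, is the 0x400 bit in a control's "Compatibility Flags" value under Internet Explorer's "ActiveX Compatibility" registry key. The sketch below reads a .reg export of that key and reports which CLSIDs are blocked; the export text and CLSIDs are constructed placeholders and the function names are hypothetical.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed .reg export; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400
'''

def parse_compat_flags(reg_text):
    """Map upper-cased CLSID -> Compatibility Flags DWORD from a .reg export."""
    flags, clsid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only subkeys directly under the ActiveX Compatibility key count.
            parent, _, leaf = line.strip("[]").rpartition("\\")
            clsid = leaf.upper() if parent.upper() == COMPAT_KEY.upper() else None
        elif clsid:
            m = re.fullmatch(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})', line)
            if m:
                flags[clsid] = int(m.group(1), 16)
    return flags

def killbit_status(reg_text, clsids):
    """Return {clsid: True if the kill bit is set, else False}."""
    flags = parse_compat_flags(reg_text)
    # Other flag bits may be set too, so test the bit rather than equality.
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}

if __name__ == "__main__":
    wanted = ["{11111111-1111-1111-1111-111111111111}",
              "{44444444-4444-4444-4444-444444444444}"]
    for clsid, blocked in killbit_status(SAMPLE_REG, wanted).items():
        print(clsid, "kill bit set" if blocked else "no kill bit")
```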

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by minman » September 2nd, 2008, 2:52 pm

Carolyn,
I have implemented most of what you suggested. My computer feels safe right now. Thank you for all your help.

Matt
minman
Active Member
 
Posts: 14
Joined: August 19th, 2008, 7:46 am

Re: New to the forum--I have a virus disguised as iexplore.exe

Post by NonSuch » September 3rd, 2008, 9:02 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California