VUNDO (via winantivrus) strikes again!

Question

Hello ... this laptop had win antivirus willingly installed by an unknowing victim. Because of my previous experience with this bug on this forum, I have downloded and installed HJT, and renamed it to analyzer.exe. Here is a fresh log run today: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:09:05 PM, on 1/13/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\dldncoms.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exeC:\Program Files\Dell V105\dldnmon.exeC:\Program Files\CyberLink\PCM4Everio\EverioService.exeC:\WINDOWS\system32undll32.exeC:\Program Files\Dell V105\dldnMsdMon.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Microsoft Money\System\Money Express.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Documents and Settings\username\My Documents\Kill It\analyzer.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.comR3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLLR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: (no name) - {2496BB14-143C-4DFE-94D6-060C92CFAC29} - C:\WINDOWS\system32\khFYpmKD.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dllO2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\qoMCUOIc.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: (no name) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dll (file missing)O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLLO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [ShowLOMControl] O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exeO4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe'O4 - HKLM\..\Run: [dscactivate] 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'O4 - HKLM\..\Run: [YSearchProtection] 'C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe'O4 - HKLM\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKLM\..\Run: [IntelZeroConfig] 'C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe'O4 - HKLM\..\Run: [IntelWireless] 'C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe' /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [avgnt] 'C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe' /minO4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPFO4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] 'C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe' /m=2 /wO4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exeO4 - HKLM\..\Run: [MoneyStartUp10.0] 'C:\Program Files\Microsoft Money\System\Activation.exe'O4 - HKLM\..\Run: [dldnmon.exe] 'C:\Program Files\Dell V105\dldnmon.exe'O4 - HKLM\..\Run: [dldnamon] 'C:\Program Files\Dell V105\dldnamon.exe'O4 - HKLM\..\Run: [EverioService] 'C:\Program Files\CyberLink\PCM4Everio\EverioService.exe'O4 - HKLM\..\Run: [5c987690] rundll32.exe 'C:\WINDOWS\system32\iosbwtsd.dll',bO4 - HKCU\..\Run: [msnmsgr] 'C:\Program Files\MSN Messenger\msnmsgr.exe' /backgroundO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [86879277169673335412758446224983] C:\Program Files\Antivirus 2009\av2009.exeO4 - HKCU\..\Run: [MoneyAgent] 'C:\Program Files\Microsoft Money\System\Money Express.exe'O4 - HKCU\..\Run: [GetModule32] C:\Program Files\GetModule\GetModule32.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exeO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\kellie nicolle\Start Menu\Programs\IMVU\Run IMVU.lnkO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL kgwfxb.dllO20 - Winlogon Notify: qoMCUOIc - qoMCUOIc.dll (file missing)O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldnserv.exeO23 - Service: dldn_device -   - C:\WINDOWS\system32\dldncoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exeO23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 14241 bytes Thank you in advance for any assistance you, the lucky taker, can provide.

bamajim · Answer

E310 1. Go HERE and download File Lister. Save it to your Desktop Rt Click ->> Extract all ->> And extract it to your Desktop Additional help on extracting zip files can be found HERE Open the File Lister Folder. Rt Click FileLister.vbe ->>Select Open Then Open to confirm. As the program runs, it will appear that nothing is happening. When the program is fnished it will produce a log for you C:\Files.txt Copy and paste the contents of that log in your reply.

E310 · Answer

Thanks, bamajim! The result was:   ++++++++++++++++++++++++++++++++++ File Lister  Version 1.0.5++  By bamajim / bamajim.com+++++++++++++++++++++++++++++++++Report ran on --->>>  1/17/2009 9:34:24 AM====== Running Processes ======C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\dldncoms.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exeC:\Program Files\Dell V105\dldnmon.exeC:\Program Files\CyberLink\PCM4Everio\EverioService.exeC:\Program Files\Dell V105\dldnMsdMon.exeC:\WINDOWS\system32undll32.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Microsoft Money\System\Money Express.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\Microsoft Money\System\urlmap.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\System32\WScript.exe====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======BHO: (NO NAME) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllBHO: (NO NAME) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dllBHO: {af305980-47dc-259b-4b14-07c998f3ae14} - {41ea3f89-9c70-41b4-b952-cd74089503fa} - C:\WINDOWS\system32\mwrhva.dllBHO: (NO NAME) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dllBHO: (NO NAME) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\qoMCUOIc.dllBHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllBHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllBHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllBHO: (NO NAME) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dllBHO: (NO NAME) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllBHO: (NO NAME) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllBHO: (NO NAME) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll====== Values under HKLM\~\Run ======REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ehTray'='C:\WINDOWS\ehome\ehtray.exe''igfxtray'='C:\WINDOWS\system32\igfxtray.exe''igfxhkcmd'='C:\WINDOWS\system32\hkcmd.exe''igfxpers'='C:\WINDOWS\system32\igfxpers.exe''SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe''SigmatelSysTrayApp'='stsystra.exe''ShowLOMControl'=dword:00000001'dla'='C:\WINDOWS\system32\dla\tfswctrl.exe''QuickTime Task'='\'C:\Program Files\QuickTime\qttask.exe\' -atboottime''SunJavaUpdateSched'='\'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe\'''dscactivate'='\'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe\'''YSearchProtection'='\'C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe\'''Adobe Reader Speed Launcher'='\'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\'''DellSupportCenter'='\'C:\Program Files\Dell Support Center\bin\sprtcmd.exe\' /P DellSupportCenter''IntelZeroConfig'='\'C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe\'''IntelWireless'='\'C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe\' /tf Intel PROSet/Wireless''avgnt'='\'C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\' /min''MyWebSearch Plugin'='rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF''My Web Search Bar Search Scope Monitor'='\'C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe\' /m=2 /w''MyWebSearch Email Plugin'='C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe''MoneyStartUp10.0'='\'C:\Program Files\Microsoft Money\System\Activation.exe\'''dldnmon.exe'='\'C:\Program Files\Dell V105\dldnmon.exe\'''dldnamon'='\'C:\Program Files\Dell V105\dldnamon.exe\'''EverioService'='\'C:\Program Files\CyberLink\PCM4Everio\EverioService.exe\'''5c987690'='rundll32.exe \'C:\WINDOWS\system32\hoyabdex.dll\',b'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]@=''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]'Installed'='1'@=''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]'NoChange'='1''Installed'='1'@=''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]'Installed'='1'@=''====== Values under HKCU\~\Run ======REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'msnmsgr'='\'C:\Program Files\MSN Messenger\msnmsgr.exe\' /background''DellSupport'='\'C:\Program Files\DellSupport\DSAgnt.exe\' /startup''DellSupportCenter'='\'C:\Program Files\Dell Support Center\bin\sprtcmd.exe\' /P DellSupportCenter''YSearchProtection'='C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe''86879277169673335412758446224983'='C:\Program Files\Antivirus 2009\av2009.exe''MoneyAgent'='\'C:\Program Files\Microsoft Money\System\Money Express.exe\'''GetModule32'='C:\Program Files\GetModule\GetModule32.exe''swg'='C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe'====== Folders and Files from '%\' and '%\Windows' Created Last 60 Days ======1/4/2009 3:34:16 PM    787    C:\!KillBox1/4/2009 3:34:16 PM    787    C:\!KillBox\Logs11/23/2008 9:45:18 AM    0    C:\logs12/25/2008 8:19:45 PM    1456343498    C:\MyWorks12/25/2008 9:11:11 PM    1456343498    C:\MyWorks\EverioBackup12/25/2008 9:11:25 PM    1456319488    C:\MyWorks\EverioBackup\0000000046d312/25/2008 9:11:25 PM    1456319488    C:\MyWorks\EverioBackup\0000000046d3\PRG00112/6/2008 2:34:41 PM    5495    C:\spoolerlogs1/4/2009 3:55:20 PM    0    C:\VundoFix Backups1/17/2009 9:34:24 AM    8112    32    C:\Files.txt12/28/2008 8:54:25 PM    1063714816    38    C:\hiberfil.sys1/4/2009 3:55:13 PM    159    32    C:\vundofix.txt12/10/2008 4:03:04 AM    4114368    C:\WINDOWS\$NtUninstallKB952069_WM9$12/10/2008 4:03:04 AM    624576    C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst12/10/2008 4:02:58 AM    870561    C:\WINDOWS\$NtUninstallKB954600$12/10/2008 4:02:58 AM    623747    C:\WINDOWS\$NtUninstallKB954600$\spuninst12/10/2008 4:03:49 AM    684941    C:\WINDOWS\$NtUninstallKB955839$12/10/2008 4:03:49 AM    624525    C:\WINDOWS\$NtUninstallKB955839$\spuninst12/10/2008 4:00:55 AM    908796    C:\WINDOWS\$NtUninstallKB956802$12/10/2008 4:00:55 AM    623612    C:\WINDOWS\$NtUninstallKB956802$\spuninst11/18/2008 8:49:46 PM    1071    32    C:\WINDOWS\AWMODEM.INF12/10/2008 4:03:03 AM    11901    32    C:\WINDOWS\KB952069.log12/10/2008 4:02:57 AM    8440    32    C:\WINDOWS\KB954600.log12/9/2008 5:13:01 PM    37996    32    C:\WINDOWS\KB955839.log12/9/2008 4:52:02 PM    15067    32    C:\WINDOWS\KB956802.log12/10/2008 4:03:10 AM    22838    32    C:\WINDOWS\KB958215-IE7.log12/18/2008 3:11:29 PM    8677    32    C:\WINDOWS\KB960714-IE7.log12/28/2008 3:50:45 PM    12    32    C:\WINDOWS\wiaserviv.log12/18/2008 10:35:10 PM    18393444    C:\WINDOWS\system32\Adobe12/18/2008 10:35:11 PM    317516    C:\WINDOWS\system32\Adobe\Director12/18/2008 10:35:10 PM    18075928    C:\WINDOWS\system32\Adobe\Shockwave 1112/18/2008 10:35:14 PM    11165184    C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras12/28/2008 3:59:51 PM    0    32    C:\WINDOWS\system32\57bbb2ee-.txt1/10/2009 4:28:14 AM    1265695    38    C:\WINDOWS\system32\cmoapqym.ini1/7/2009 9:21:34 PM    72704    32    C:\WINDOWS\system32\cxmuondh.dll1/4/2009 8:36:00 AM    1681574    38    C:\WINDOWS\system32\DKmpYFhk.ini1/4/2009 8:36:00 AM    1681574    38    C:\WINDOWS\system32\DKmpYFhk.ini211/23/2008 9:37:51 AM    1921    32    C:\WINDOWS\system32\dldn.loc11/23/2008 9:43:49 AM    81920    32    C:\WINDOWS\system32\dldncaps.dll11/23/2008 9:37:51 AM    77906    32    C:\WINDOWS\system32\DLDNcfg.dll11/23/2008 9:37:51 AM    365808    32    C:\WINDOWS\system32\dldncfg.exe11/23/2008 9:43:48 AM    69632    32    C:\WINDOWS\system32\dldncnv4.dll11/23/2008 9:44:53 AM    360448    32    C:\WINDOWS\system32\dldncoin.dll11/23/2008 9:37:51 AM    851968    32    C:\WINDOWS\system32\dldncomc.dll11/23/2008 9:37:51 AM    376832    32    C:\WINDOWS\system32\dldncomm.dll11/23/2008 9:37:52 AM    595184    32    C:\WINDOWS\system32\dldncoms.exe11/23/2008 9:37:52 AM    77824    32    C:\WINDOWS\system32\dldncu.dll11/23/2008 9:37:52 AM    86016    32    C:\WINDOWS\system32\dldncub.dll11/23/2008 9:37:52 AM    36864    32    C:\WINDOWS\system32\dldncur.dll11/23/2008 9:43:48 AM    782336    32    C:\WINDOWS\system32\dldndrs.dll11/23/2008 9:37:52 AM    983121    32    C:\WINDOWS\system32\dldngf.dll11/23/2008 9:37:52 AM    208896    32    C:\WINDOWS\system32\dldngrd.dll11/23/2008 9:37:52 AM    663552    32    C:\WINDOWS\system32\dldnhbn3.dll11/23/2008 9:37:55 AM    438272    32    C:\WINDOWS\system32\DLDNhcp.dll11/23/2008 9:37:54 AM    339968    32    C:\WINDOWS\system32\dldniesc.dll11/23/2008 9:37:52 AM    320752    32    C:\WINDOWS\system32\dldnih.exe11/23/2008 9:37:54 AM    364544    32    C:\WINDOWS\system32\dldninpa.dll11/23/2008 9:37:53 AM    176128    32    C:\WINDOWS\system32\dldnins.dll11/23/2008 9:37:53 AM    176128    32    C:\WINDOWS\system32\dldninsb.dll11/23/2008 9:37:53 AM    106496    32    C:\WINDOWS\system32\dldninsr.dll11/23/2008 9:37:55 AM    348160    32    C:\WINDOWS\system32\DLDNinst.dll11/23/2008 9:37:53 AM    143360    32    C:\WINDOWS\system32\dldnjswr.dll11/23/2008 9:37:53 AM    569344    32    C:\WINDOWS\system32\dldnlmpm.dll11/23/2008 9:37:53 AM    647168    32    C:\WINDOWS\system32\dldnpmui.dll11/23/2008 9:37:53 AM    53248    32    C:\WINDOWS\system32\dldnprox.dll11/23/2008 9:44:46 AM    72625    32    C:\WINDOWS\system32\dldnprpr.chm11/23/2008 9:37:54 AM    1105920    32    C:\WINDOWS\system32\dldnserv.dll11/23/2008 9:37:54 AM    843776    32    C:\WINDOWS\system32\dldnusb1.dll11/23/2008 9:37:54 AM    520192    32    C:\WINDOWS\system32\dldnutil.dll11/23/2008 9:44:55 AM    40960    32    C:\WINDOWS\system32\dldnvs.dll11/23/2008 9:38:10 AM    102400    32    C:\WINDOWS\system32\dldnwupd.dll11/23/2008 9:38:10 AM    17648    32    C:\WINDOWS\system32\dldnwupd.exe1/13/2009 4:29:47 AM    1375225    38    C:\WINDOWS\system32\dstwbsoi.ini1/13/2009 4:30:42 AM    129024    32    C:\WINDOWS\system32\ffjsgeuh.dll1/5/2009 10:02:31 AM    1320830    38    C:\WINDOWS\system32\fyqjhybw.ini1/7/2009 9:21:35 PM    1320830    38    C:\WINDOWS\system32\hdnoumxc.ini12/30/2008 3:59:51 PM    129024    32    C:\WINDOWS\system32\hfcakb.dll1/17/2009 2:51:06 AM    72704    32    C:\WINDOWS\system32\hoyabdex.dll12/28/2008 4:05:43 PM    1306974    38    C:\WINDOWS\system32\ideiivmj.ini1/1/2009 9:20:11 PM    129024    32    C:\WINDOWS\system32\imtgebij.dll1/2/2009 11:40:22 PM    129024    32    C:\WINDOWS\system32\jhdovurt.dll12/28/2008 4:05:32 PM    72704    32    C:\WINDOWS\system32\jmviiedi.dll1/3/2009 2:13:05 PM    129024    32    C:\WINDOWS\system32\kbdkoxgx.dll1/13/2009 4:30:43 AM    129024    32    C:\WINDOWS\system32\kgwfxb.dll1/4/2009 8:35:57 AM    302592    32    C:\WINDOWS\system32\khFYpmKD.VIR0001/2/2009 11:40:23 PM    129024    32    C:\WINDOWS\system32\koduro.dll1/3/2009 4:14:24 AM    72704    32    C:\WINDOWS\system32\ksuupuyw.dll1/10/2009 4:24:11 AM    129024    32    C:\WINDOWS\system32\kxwvgb.dll11/23/2008 9:37:51 AM    75516    32    C:\WINDOWS\system32\LexFiles.ulf1/6/2009 1:37:11 PM    120    38    C:\WINDOWS\system32\lorwumat.ini1/6/2009 1:37:11 PM    120    38    C:\WINDOWS\system32\lorwumat.tmp12/31/2008 4:31:09 AM    143    32    C:\WINDOWS\system32\mcrh.tmp12/25/2008 8:49:51 PM    44544    32    C:\WINDOWS\system32\msxml4a.dll1/17/2009 2:51:14 AM    129024    32    C:\WINDOWS\system32\mwrhva.dll1/15/2009 2:04:08 PM    129024    32    C:\WINDOWS\system32
qexrf.dll1/5/2009 10:05:31 AM    129024    32    C:\WINDOWS\system32\pkbpjggj.dll1/7/2009 9:21:38 PM    129024    32    C:\WINDOWS\system32\qamywpuu.dll12/28/2008 3:50:51 PM    34816    32    C:\WINDOWS\system32\qoMCUOIc.VIR1/6/2009 1:45:47 PM    129024    32    C:\WINDOWS\system32\qupfqkhl.dll1/5/2009 10:05:32 AM    129024    32    C:\WINDOWS\system32\qxfpfj.dll1/17/2009 2:51:11 AM    129024    32    C:\WINDOWS\system32pjnqung.dll12/30/2008 3:59:49 PM    129024    32    C:\WINDOWS\system32saisxgh.dll1/4/2009 8:39:08 AM    1307379    38    C:\WINDOWS\system32\spykvhev.ini12/28/2008 3:56:30 PM    729126    38    C:\WINDOWS\system32	uCcbcdd.ini12/28/2008 3:56:31 PM    729126    38    C:\WINDOWS\system32	uCcbcdd.ini21/15/2009 2:01:00 PM    1402999    38    C:\WINDOWS\system32\ueyecbqg.ini1/4/2009 8:39:03 AM    129024    32    C:\WINDOWS\system32\vbuynlkp.dll1/1/2009 9:14:15 PM    1307356    38    C:\WINDOWS\system32\vjmdwddc.ini1/15/2009 2:04:08 PM    129024    32    C:\WINDOWS\system32\whcihuki.dll11/23/2008 9:44:08 AM    87040    32    C:\WINDOWS\system32\wiafbdrv.dll1/2/2009 11:49:00 PM    1307356    38    C:\WINDOWS\system32\wvlmdgcp.ini1/3/2009 4:14:25 AM    1307356    38    C:\WINDOWS\system32\wyupuusk.ini1/17/2009 2:51:07 AM    1402999    38    C:\WINDOWS\system32\xedbayoh.ini12/28/2008 4:00:23 PM    129024    32    C:\WINDOWS\system32\ycwkfhhh.dll1/1/2009 9:20:12 PM    129024    32    C:\WINDOWS\system32\yesusb.dll12/28/2008 4:00:24 PM    129024    32    C:\WINDOWS\system32\ygdoae.dll1/10/2009 4:24:10 AM    129024    32    C:\WINDOWS\system32\yydonerk.dll====== Files under '\Administrator\Startup' Last 60 Days============ Files under '\All Users\Startup' Last 60 Days============ Folders under '\Program Files' Last 60 Days======11/23/2008 9:43:05 AM    121150841    C:\Program Files\Abbyy FineReader 6.0 Sprint11/23/2008 9:43:17 AM    1088166    C:\Program Files\Abbyy FineReader 6.0 Sprint\Demo11/23/2008 9:43:29 AM    5447    C:\Program Files\Abbyy FineReader 6.0 Sprint\Readme11/23/2008 9:43:07 AM    492662    C:\Program Files\Abbyy FineReader 6.0 Sprint\Resource11/23/2008 9:43:14 AM    7965    C:\Program Files\Abbyy FineReader 6.0 Sprint\Resource\CMAP11/23/2008 9:43:07 AM    484697    C:\Program Files\Abbyy FineReader 6.0 Sprint\Resource\FONT11/23/2008 9:43:15 AM    1586045    C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan11/23/2008 9:43:17 AM    282896    C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\Twain11/23/2008 9:43:07 AM    948860    C:\Program Files\Abbyy FineReader 6.0 Sprint\Support11/23/2008 9:38:07 AM    139461403    C:\Program Files\Dell V10511/23/2008 9:38:07 AM    2941331    C:\Program Files\Dell V105\Diagnostics11/23/2008 9:38:10 AM    46080911    C:\Program Files\Dell V105\Drivers11/23/2008 9:44:43 AM    7939632    C:\Program Files\Dell V105\Drivers\COMMON11/23/2008 9:44:43 AM    198684    C:\Program Files\Dell V105\Drivers\COMMON\ENGLISH11/23/2008 9:43:49 AM    520738    C:\Program Files\Dell V105\Drivers\ENGLISH11/23/2008 9:38:10 AM    36846371    C:\Program Files\Dell V105\Drivers\i38611/23/2008 9:38:10 AM    1118720    C:\Program Files\Dell V105\Drivers\i386\ENGLISH11/23/2008 9:43:42 AM    6341132    C:\Program Files\Dell V105\Install11/23/2008 9:43:44 AM    183580    C:\Program Files\Dell V105\Install\Config11/23/2008 9:43:45 AM    77724    C:\Program Files\Dell V105\Install\Config\Image11/23/2008 9:43:44 AM    48114    C:\Program Files\Dell V105\Install\Config\NLS11/23/2008 9:43:42 AM    6157552    C:\Program Files\Dell V105\Install\x8611/23/2008 9:42:38 AM    32894940    C:\Program Files\Dell V105\PhotoCards11/23/2008 9:42:28 AM    5222132    C:\Program Files\Dell V105\Scripts12/25/2008 8:18:33 PM    8662767    C:\Program Files\Digital Photo Navigator 1.51/3/2009 1:39:05 AM    1514309    C:\Program Files\SpywareGuard====== Files under '\System32\Drivers' Last 60 Days======11/22/2008 2:58:26 PM    25856    32    C:\WINDOWS\system32\drivers\usbprint.sys====== Files Deleted under '%Temp%' ======C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\2ASPOZ6W.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\2KH9TNST.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\71ODIGZ6.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\79E6F8.dmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\AbbyyMsiLog.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ALPRSEQE.zip.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ASPNETSetup_00000.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\AUInst.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\d214_appcompat.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_netfx20MSI65AA.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_netfx20UI65AA.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dldnscan.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dvpmgr.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dw.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_GeFJEg21mNLmnMoaUOHsC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\FileLister.zipC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\FTM+zqGP.wmv.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\i8rt_bvB.zip.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC36.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC48.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT40.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT41.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT42.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMTAE.xslC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMTAF.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\install.isfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Install_WLMessenger.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\java_install.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\java_install_reg.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\java_install_sp.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET18AE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET5BCF.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET5E3E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET62A9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET769A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET9AC7.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET9FC5.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETD329.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETD368.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETD717.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETE0C1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jinstall.cfgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jusched.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\kleenex.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\lBvHLvJv.exe.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\listerine.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\logger.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\LxProxy.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft Office PowerPoint Viewer 2007 (0).logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\mnypkg.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\mnyscost.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\mnysetup.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\mnysyspk.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp
avy2.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\NetFxUpdate_v1.0.3705.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\offcln10.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Office XP Small Business Setup(0001).txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Office XP Small Business Setup(0001)_Task(0001).txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ptshowdown.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\qoMffFWn.batC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ScanMsgData.lxkC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si11.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si26.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si35.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Silverlight0.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\SilverlightMSI.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\skin_setup.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\starbucks2.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\swt-awt-win32-3346.dllC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\swt-win32-3346.dllC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TFR52.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP10.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP10C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP10F.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP11.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP115.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP118.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP11B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP11E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP12.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP121.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP124.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP127.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP12A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP12D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP134.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP138.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13F.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP14.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP143.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP146.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP149.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP14D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP15.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP152.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP154.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP15A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP15D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP16.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP161.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP165.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP17.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP18.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP19.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP1A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP1B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP1C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP1E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP20.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP25.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP26.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP27.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP29.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP2C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP32.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP33.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP34.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP35.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP38.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP39.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP3D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP3E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP40.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP42.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP44.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP45.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP47.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP48.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP49.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4F.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP50.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP51.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP52.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP53.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP54.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP55.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP56.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP57.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP58.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP59.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP5A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP5C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP5D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP61.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP66.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP69.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP7F.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP92.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP95.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP98.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP9B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA3.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPAD.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPB1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPC1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPF.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TWAIN.LOGC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twain001.MtxC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twunk001.MTXC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twunk002.MTXC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\U3Launcher.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\V105_app.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\verawang.bmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\vybase.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\vyess.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog00.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog01.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog02.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog03.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog04.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog05.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog06.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog07.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog08.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog09.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog10.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog11.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog12.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog13.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog14.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog15.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ycomp_setup_pub_ver_us.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ycp156.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ycp157.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\yih_setup.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ymemsi.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\yme_setup.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ymsgr_setup.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\YRH6B.ICOC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ytb_7.1.2.0_1.5.1_ysp_1.2_bts_pub_us_setup_.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ytb_7.2.4.4a_1.6.3_ysp_1.2.7_mail_bts_pub_us_setup_.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ZtYGlm7X.zip.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\_NDP_OCM_SetRegNI.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\_NDP_OCM_ToGAC.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.iniC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.iniC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF105C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF16E9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1B8E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1BA3.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1C97.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1CAE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1EB9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF222A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2599.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF29AF.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2D62.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF30FB.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3381.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3425.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF388D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF422A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4ADF.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4DAA.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF570D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5A74.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5A93.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5D40.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5F53.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6851.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF68D6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6BDE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6D6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6FBE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7177.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF782C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7869.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7C47.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7DDE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8381.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8A7.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8D04.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8F70.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFA283.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFA495.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFAF8C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB02D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB335.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB3B9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB648.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB66D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB8AA.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB9D2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBCCE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBFA4.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBFCE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFCE86.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD22D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD337.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD53E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD880.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFDA0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFDB9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE143.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE190.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE56.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE691.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE6DE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEC05.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF9C6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFAF9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFB92.tmp277 Files deleted====== Files and Folders under 'All Users\Application Data' Last 60 Days======12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio12/25/2008 9:11:05 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio\Extension12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio\IEPG12/28/2008 4:51:45 PM    125342    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion12/29/2008 1:25:04 PM    1598    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Cache12/28/2008 4:51:45 PM    109564    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data12/28/2008 4:51:45 PM    109564    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data\default12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Download12/28/2008 4:51:45 PM    14180    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Media12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Modules ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)============ Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ============ Services ( Services that are Whitelisted are not shown) ====== dldnCATSCustConnectService (dldnCATSCustConnectService) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldnserv.exe  - Auto dldn_device (dldn_device) C:\WINDOWS\system32\dldncoms.exe -service  - Auto DSBrokerService (DSBrokerService) 'C:\Program Files\DellSupport\brkrsvc.exe'  - Manual Media Center Receiver Service (ehRecvr) C:\WINDOWS\eHome\ehRecvr.exe  - Auto Media Center Scheduler Service (ehSched) C:\WINDOWS\eHome\ehSched.exe  - Auto MHN (MHN) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual My Web Search Service (MyWebSearchService) C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe  - Auto NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe  - Auto NICSer_WPC54G (NICSer_WPC54G) C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe  - Auto Intel(R) PROSet/Wireless Registry Service (RegSrvc) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe  - Auto Cyberlink RichVideo Service(CRVS) (RichVideo) 'C:\Program Files\CyberLink\Shared Files\RichVideo.exe'  - Auto SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  - Auto Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe  - Auto Yahoo! Updater (YahooAUService) 'C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe'  - Auto====== Uninstall List From Registry ======GemMaster MysticTradewindsAdobe Flash Player ActiveXAdobe Flash Player 10 PluginAdobe Shockwave Player 11America Online (Choose which version to remove)Avira AntiVir Personal - Free AntivirusAOL Connectivity ServicesAOL Coach Version 1.0(Build:20040229.1 en)CA Yahoo! Anti-Spy (remove only)Conexant HDA D110 MDC V.92 ModemDell Digital Jukebox DriverDell V105Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]ESPNMotionGoogle DesktopHijackThis 2.0.2Microsoft Internationalized Domain Names Mitigation APIsWindows Internet Explorer 7iTunesQuickTimeHigh Definition Audio Driver Package - KB835221Windows Genuine Advantage Validation Tool (KB892130)Windows Installer 3.1 (KB893803)Windows Media Player 10 Hotfix - KB895316Update Rollup 2 for Windows XP Media Center Edition 2005Update for Windows Media Format SDK (KB902344)Hotfix for Windows Media Player 10 (KB903157)Windows XP Media Center Edition 2005 KB908246Update for Windows Media Player 10 (KB910393)Security Update for Windows Media Player 10 (KB911565)Update for Windows Media Player 10 (KB913800)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows XP (KB923689)Security Update for Windows Media Player 6.4 (KB925398)Windows XP Media Center Edition 2005 KB925766Update for Windows Media Player 10 (KB926251)Security Update for Windows Internet Explorer 7 (KB928090)Hotfix for Windows Media Format 11 SDK (KB929399)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows XP (KB938464)Security Update for Windows Internet Explorer 7 (KB939653)Hotfix for Windows Media Player 11 (KB939683)Security Update for Windows XP (KB941569)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows XP (KB946648)Hotfix for Windows Internet Explorer 7 (KB947864)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Update for Windows XP (KB951072-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Update for Windows XP (KB951978)Security Update for Windows Media Player (KB952069)Hotfix for Windows XP (KB952287)Security Update for Windows XP (KB952954)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Update for Windows XP (KB955839)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows Internet Explorer 7 (KB960714)Microsoft .NET Framework 1.1 Hotfix (KB928366)Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Mozilla Firefox (3.0.5)Microsoft Compression Client Pack 1.0 for Windows XPMy Web Search (Zwinky)Microsoft National Language Support Downlevel APIsIntel(R) PROSet/Wireless SoftwareRealPlayer BasicVerizon PC Security CheckupSpywareGuard v2.2Learn2 Player (Uninstall Only)Synaptics Pointing Device DriverVGA USB CameraWebCyberCoach 3.2 DellWindows Genuine Advantage Validation Tool (KB892130)Windows Genuine Advantage Notifications (KB905474)WildTangent Web DriverWindows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3Windows Media Format 11 runtimeWindows Media Player 11Microsoft User-Mode Driver Framework Feature Pack 1.0Yahoo! ToolbarYahoo! Search ProtectionYahoo! Software UpdateYahoo! Install ManagermSSOSonic RecordNow DataMSXML 6.0 Parser (KB933579)OpenOffice.org Installer 1.0mLogViewMicrosoft Plus! Photo Story 2 LESonic DLAAutoUpdateCorel Paint Shop Pro XInternal Network Card Power ManagementSonic MyDVD LEGoogle Toolbar for Internet ExplorermProSafeBroadcom Management ProgramsWireless-G Notebook AdapterSonic Update ManagerJ2SE Runtime Environment 5.0 Update 3Java(TM) SE Runtime Environment 6 Update 1Java(TM) 6 Update 3Java(TM) 6 Update 5Java(TM) 6 Update 7Windows Media Player 10WebFldrs XPNetZeroInstallersMSXML 4.0 SP2 (KB927978)PowerCinema NE for EveriomIWANetWaitingELIconmHlpDellBanctec Service AgreementiTunesWindows Live MessengerAOLIconmWMIArcSoft PhotoImpression 5PowerDVD 5.7Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)Windows Media Player Firefox PluginDigital Content PortalSecurity AdvisorMicrosoft Plus! Digital Media Edition InstallerMicrosoft .NET Framework 2.0Java 2 Runtime Environment, SE v1.4.2_03Dell System RestoreGet High Speed Internet!DivX CodecDellSupportModem HelpermSCfgMSXML 4.0 SP2 (KB954430)Microsoft SilverlightIntel(R) Graphics Media Accelerator DriverCorel Photo Album 6DivX PlayermPfMgrmPfWizMicrosoft Office XP Small BusinessmZConfigMicrosoft Office PowerPoint Viewer 2007 (English)Sonic EncodersOdyssey ClientmDriverMicrosoft Visual C++ 2005 RedistributableEducateUSonic RecordNow AudioAdobe Reader 8.1.2Adobe Reader 8.1.2 Security Update 1 (KB403742)ABBYY FineReader 6.0 SprintWordPerfect Office 12Sonic RecordNow CopyDivX ConverterDivX Web PlayerPowerProducerMSXML 4.0 SP2 (KB936181)QuickTimeQuickSetArcSoft VideoImpression 2Microsoft .NET Framework 1.1Microsoft Money 2002 System PackDigital Photo Navigator 1.5Norton Security ScanSearch AssistDell Support Center (Support Software)Digital Line DetectMicrosoft Money 2002mCorePowerDirector ExpressmMHousemDrWiFimWlsSafe======== Other Info ========TOTAL PHYSICAL RAM: 1064 MB

bamajim · Answer

E310

Let's see how much we can get rid of with this.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select " Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

E310 · Answer

Thanks, again! Here is the log below. One note, during the entire scan, the anti virus software kept popping up with a warning. I just kept leaving the 'Deny Access' option selected and hitting OK.   Malwarebytes' Anti-Malware 1.33Database version: 1675Windows 5.1.2600 Service Pack 31/21/2009 9:25:01 PMmbam-log-2009-01-21 (21-25-01).txtScan type: Quick ScanObjects scanned: 75926Time elapsed: 23 minute(s), 19 second(s)Memory Processes Infected: 1Memory Modules Infected: 8Registry Keys Infected: 159Registry Values Infected: 11Registry Data Items Infected: 1Folders Infected: 22Files Infected: 177Memory Processes Infected:C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.Memory Modules Infected:C:\WINDOWS\system32\hoyabdex.dll (Trojan.Vundo.H) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\WINDOWS\system32\mwrhva.dll (Trojan.Vundo) -> Delete on reboot.C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41ea3f89-9c70-41b4-b952-cd74089503fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{41ea3f89-9c70-41b4-b952-cd74089503fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41ea3f89-9c70-41b4-b952-cd74089503fa} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c987690 (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\86879277169673335412758446224983 (Rogue.Antivirus) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule32 (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfypmkd  -> Quarantined and deleted successfully.Folders Infected:C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.C:\Documents and Settings\liliana yepes\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\system32\mwrhva.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\cxmuondh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\hdnoumxc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\hoyabdex.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\xedbayoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\jmviiedi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ideiivmj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ksuupuyw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\wyupuusk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\WINDOWS\system32\khFYpmKD.VIR000 (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\koduro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\jhdovurt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32
qexrf.VIR000 (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\qamywpuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\qoMCUOIc.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32pjnqung.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\vbuynlkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\whcihuki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\kbdkoxgx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\kxwvgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\WINDOWS\system32\pkbpjggj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\qupfqkhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\qxfpfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ycwkfhhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ygdoae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\yydonerk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temp\gufgcnev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temp\jsjzay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\4ZTBXQI3\InstallAVg_880807[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\I3MS5FJC\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\I3MS5FJC\InstallAVg_770522168440[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\I3MS5FJC\InstallAVg_880807[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\Z8FNOF1O\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\kellie nicolle\Local Settings\Temporary Internet Files\Content.IE5\Z8FNOF1O\InstallAVg_770522168440[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Documents and Settings\liliana yepes\Desktop\ddcbcCut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON
oflash.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMONes_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMONes_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON	opgrad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\0002D893.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\0002DAA6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\0002E0D1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\0002E296.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\00032BD4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\00034BA0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\0003EBB9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\00071EEF (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BD775 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BD988 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BDA82.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BDB5D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BDBCA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BDC57.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003BDD32.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\003E9DC9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\00731E94.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\00731FBD (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON	p_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\004FA642.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\0089F4A6.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Documents and Settings\liliana yepes\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\liliana yepes\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\liliana yepes\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

bamajim · Answer

E310 You are welcome. That got quite a bit. Now Rerun FileLister and post a new log, and lets see whats left

E310 · Answer

Here we are ... still a few windows popping up, so someone's still kicking around in here ...

+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.5
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 1/25/2009 2:24:19 PM

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\dldncoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: (NO NAME) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dll

BHO: (NO NAME) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

BHO: (NO NAME) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dll

BHO: (NO NAME) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

BHO: (NO NAME) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: (NO NAME) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ShowLOMControl"=dword:00000001
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"dscactivate"="\"C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\""
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"dldnmon.exe"="\"C:\\Program Files\\Dell V105\\dldnmon.exe\""
"dldnamon"="\"C:\\Program Files\\Dell V105\\dldnamon.exe\""
"EverioService"="\"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/4/2009 3:34:16 PM    787    C:\!KillBox
1/4/2009 3:34:16 PM    787    C:\!KillBox\Logs
12/25/2008 8:19:45 PM    1456343498    C:\MyWorks
12/25/2008 9:11:11 PM    1456343498    C:\MyWorks\EverioBackup
12/25/2008 9:11:25 PM    1456319488    C:\MyWorks\EverioBackup\0000000046d3
12/25/2008 9:11:25 PM    1456319488    C:\MyWorks\EverioBackup\0000000046d3\PRG001
12/6/2008 2:34:41 PM    5495    C:\spoolerlogs
1/4/2009 3:55:20 PM    0    C:\VundoFix Backups
1/17/2009 9:34:24 AM    5998    32    C:\Files.txt
12/28/2008 8:54:25 PM    1063714816    38    C:\hiberfil.sys
1/4/2009 3:55:13 PM    159    32    C:\vundofix.txt
12/10/2008 4:03:04 AM    4114368    C:\WINDOWS\$NtUninstallKB952069_WM9$
12/10/2008 4:03:04 AM    624576    C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
12/10/2008 4:02:58 AM    870561    C:\WINDOWS\$NtUninstallKB954600$
12/10/2008 4:02:58 AM    623747    C:\WINDOWS\$NtUninstallKB954600$\spuninst
12/10/2008 4:03:49 AM    684941    C:\WINDOWS\$NtUninstallKB955839$
12/10/2008 4:03:49 AM    624525    C:\WINDOWS\$NtUninstallKB955839$\spuninst
12/10/2008 4:00:55 AM    908796    C:\WINDOWS\$NtUninstallKB956802$
12/10/2008 4:00:55 AM    623612    C:\WINDOWS\$NtUninstallKB956802$\spuninst
12/10/2008 4:03:03 AM    11901    32    C:\WINDOWS\KB952069.log
12/10/2008 4:02:57 AM    8440    32    C:\WINDOWS\KB954600.log
12/9/2008 5:13:01 PM    37996    32    C:\WINDOWS\KB955839.log
12/9/2008 4:52:02 PM    15067    32    C:\WINDOWS\KB956802.log
12/10/2008 4:03:10 AM    22838    32    C:\WINDOWS\KB958215-IE7.log
12/18/2008 3:11:29 PM    8677    32    C:\WINDOWS\KB960714-IE7.log
12/28/2008 3:50:45 PM    12    32    C:\WINDOWS\wiaserviv.log
12/18/2008 10:35:10 PM    18393444    C:\WINDOWS\system32\Adobe
12/18/2008 10:35:11 PM    317516    C:\WINDOWS\system32\Adobe\Director
12/18/2008 10:35:10 PM    18075928    C:\WINDOWS\system32\Adobe\Shockwave 11
12/18/2008 10:35:14 PM    11165184    C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras
12/28/2008 3:59:51 PM    0    32    C:\WINDOWS\system32\57bbb2ee-.txt
1/10/2009 4:28:14 AM    1265695    38    C:\WINDOWS\system32\cmoapqym.ini
1/4/2009 8:36:00 AM    1681574    38    C:\WINDOWS\system32\DKmpYFhk.ini
1/4/2009 8:36:00 AM    1681574    38    C:\WINDOWS\system32\DKmpYFhk.ini2
1/13/2009 4:29:47 AM    1375225    38    C:\WINDOWS\system32\dstwbsoi.ini
1/13/2009 4:30:42 AM    129024    32    C:\WINDOWS\system32\ffjsgeuh.dll
1/5/2009 10:02:31 AM    1320830    38    C:\WINDOWS\system32\fyqjhybw.ini
12/30/2008 3:59:51 PM    129024    32    C:\WINDOWS\system32\hfcakb.dll
1/1/2009 9:20:11 PM    129024    32    C:\WINDOWS\system32\imtgebij.dll
1/13/2009 4:30:43 AM    129024    32    C:\WINDOWS\system32\kgwfxb.dll
1/6/2009 1:37:11 PM    120    38    C:\WINDOWS\system32\lorwumat.ini
1/6/2009 1:37:11 PM    120    38    C:\WINDOWS\system32\lorwumat.tmp
12/25/2008 8:49:51 PM    44544    32    C:\WINDOWS\system32\msxml4a.dll
12/30/2008 3:59:49 PM    129024    32    C:\WINDOWS\system32\rsaisxgh.dll
1/4/2009 8:39:08 AM    1307379    38    C:\WINDOWS\system32\spykvhev.ini
12/28/2008 3:56:30 PM    729126    38    C:\WINDOWS\system32\tuCcbcdd.ini
12/28/2008 3:56:31 PM    729126    38    C:\WINDOWS\system32\tuCcbcdd.ini2
1/15/2009 2:01:00 PM    1402999    38    C:\WINDOWS\system32\ueyecbqg.ini
1/1/2009 9:14:15 PM    1307356    38    C:\WINDOWS\system32\vjmdwddc.ini
1/2/2009 11:49:00 PM    1307356    38    C:\WINDOWS\system32\wvlmdgcp.ini
1/1/2009 9:20:12 PM    129024    32    C:\WINDOWS\system32\yesusb.dll

====== Files under "\Administrator\Startup" Last 60 Days======

====== Files under "\All Users\Startup" Last 60 Days======

====== Folders under "\Program Files" Last 60 Days======

12/25/2008 8:18:33 PM    8662767    C:\Program Files\Digital Photo Navigator 1.5
1/21/2009 8:57:16 PM    4107452    C:\Program Files\Malwarebytes' Anti-Malware
1/21/2009 8:57:17 PM    372752    C:\Program Files\Malwarebytes' Anti-Malware\Languages
1/3/2009 1:39:05 AM    1514798    C:\Program Files\SpywareGuard

====== Files under "\System32\Drivers" Last 60 Days======

1/21/2009 8:57:21 PM    15504    32    C:\WINDOWS\system32\drivers\mbam.sys
1/21/2009 8:57:19 PM    38496    32    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\AUInst.log
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dldnscan.log
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_8zjNVca7sT2q666xV5ig
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC36.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC48.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETA560.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETDD8E.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jusched.log
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP109.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP11C.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP13.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP22.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP2C.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP44.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP49.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP4A.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP51.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP5C.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP60.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP61.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP64.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP69.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP6A.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP6C.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP6E.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP6F.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP70.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP71.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP73.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP75.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP78.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP79.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP7D.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP80.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP84.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP85.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP87.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP8A.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP8E.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP8F.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP92.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP98.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP99.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMP9D.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA0.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA3.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA4.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA6.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPA7.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPB1.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPB6.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPC0.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPD5.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPE.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TMPEC.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog00.sqm
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1081.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF131.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1762.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1A6.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2B6F.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2E91.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF426.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF42CA.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4681.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4A98.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5C41.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5FA2.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF782B.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF782C.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7AFC.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF820D.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF94DB.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF97D1.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9FE0.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFA1E2.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB9D2.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBBAE.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFC2D9.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFDC77.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEC0B.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFA2D.tmp
C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFEBE.tmp

83 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink
12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio
12/25/2008 9:11:05 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio\Extension
12/25/2008 8:50:16 PM    0    C:\Documents and Settings\All Users\Application Data\Cyberlink\PCM4Everio\IEPG
1/21/2009 8:57:17 PM    1549375    C:\Documents and Settings\All Users\Application Data\Malwarebytes
1/21/2009 8:57:17 PM    1549375    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
12/28/2008 4:51:45 PM    112951    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
12/29/2008 1:25:04 PM    1601    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Cache
12/28/2008 4:51:45 PM    97170    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data
12/28/2008 4:51:45 PM    97170    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data\default
12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Download
12/28/2008 4:51:45 PM    14180    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons
12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Media
12/28/2008 4:51:45 PM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Modules

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== Services ( Services that are Whitelisted are not shown) ======

dldnCATSCustConnectService (dldnCATSCustConnectService) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe - Auto
dldn_device (dldn_device) C:\WINDOWS\system32\dldncoms.exe -service - Auto
DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe" - Manual
Media Center Receiver Service (ehRecvr) C:\WINDOWS\eHome\ehRecvr.exe - Auto
Media Center Scheduler Service (ehSched) C:\WINDOWS\eHome\ehSched.exe - Auto
MHN (MHN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe - Auto
NICSer_WPC54G (NICSer_WPC54G) C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe - Auto
Intel(R) PROSet/Wireless Registry Service (RegSrvc) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - Auto
Cyberlink RichVideo Service(CRVS) (RichVideo) "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" - Auto
SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter - Auto
Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe - Auto
Yahoo! Updater (YahooAUService) "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" - Auto

====== Uninstall List From Registry ======

GemMaster Mystic
Tradewinds
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
America Online (Choose which version to remove)
Avira AntiVir Personal - Free Antivirus
AOL Connectivity Services
AOL Coach Version 1.0(Build:20040229.1 en)
CA Yahoo! Anti-Spy (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell V105
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
ESPNMotion
Google Desktop
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iTunes
QuickTime
High Definition Audio Driver Package - KB835221
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Player 10 Hotfix - KB895316
Update Rollup 2 for Windows XP Media Center Edition 2005
Update for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Windows XP Media Center Edition 2005 KB908246
Update for Windows Media Player 10 (KB910393)
Security Update for Windows Media Player 10 (KB911565)
Update for Windows Media Player 10 (KB913800)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Windows XP Media Center Edition 2005 KB925766
Update for Windows Media Player 10 (KB926251)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows Internet Explorer 7 (KB960714)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Mozilla Firefox (3.0.5)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Intel(R) PROSet/Wireless Software
RealPlayer Basic
Verizon PC Security Checkup
SpywareGuard v2.2
Learn2 Player (Uninstall Only)
Synaptics Pointing Device Driver
VGA USB Camera
WebCyberCoach 3.2 Dell
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
WildTangent Web Driver
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Toolbar
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Install Manager
mSSO
Sonic RecordNow Data
MSXML 6.0 Parser (KB933579)
OpenOffice.org Installer 1.0
mLogView
Microsoft Plus! Photo Story 2 LE
Sonic DLA
AutoUpdate
Corel Paint Shop Pro X
Internal Network Card Power Management
Sonic MyDVD LE
Google Toolbar for Internet Explorer
mProSafe
Broadcom Management Programs
Wireless-G Notebook Adapter
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
NetZeroInstallers
MSXML 4.0 SP2 (KB927978)
PowerCinema NE for Everio
mIWA
NetWaiting
ELIcon
mHlpDell
Banctec Service Agreement
iTunes
Windows Live Messenger
AOLIcon
mWMI
ArcSoft PhotoImpression 5
PowerDVD 5.7
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Windows Media Player Firefox Plugin
Digital Content Portal
Security Advisor
Microsoft Plus! Digital Media Edition Installer
Microsoft .NET Framework 2.0
Java 2 Runtime Environment, SE v1.4.2_03
Dell System Restore
Get High Speed Internet!
DivX Codec
DellSupport
Modem Helper
mSCfg
MSXML 4.0 SP2 (KB954430)
Microsoft Silverlight
Intel(R) Graphics Media Accelerator Driver
Corel Photo Album 6
DivX Player
mPfMgr
mPfWiz
Microsoft Office XP Small Business
mZConfig
Microsoft Office PowerPoint Viewer 2007 (English)
Sonic Encoders
Odyssey Client
mDriver
Microsoft Visual C++ 2005 Redistributable
EducateU
Sonic RecordNow Audio
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ABBYY FineReader 6.0 Sprint
WordPerfect Office 12
Sonic RecordNow Copy
DivX Converter
DivX Web Player
PowerProducer
MSXML 4.0 SP2 (KB936181)
QuickTime
QuickSet
ArcSoft VideoImpression 2
Microsoft .NET Framework 1.1
Microsoft Money 2002 System Pack
Digital Photo Navigator 1.5
Norton Security Scan
Search Assist
Dell Support Center (Support Software)
Digital Line Detect
Microsoft Money 2002
mCore
PowerDirector Express
mMHouse
mDrWiFi
mWlsSafe

======== Other Info ========

TOTAL PHYSICAL RAM: 1064 MB

bamajim · Answer

E310

Yes we have a few left.

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop(How to extract (decompress) zipped or compressed files, help in the link here: )

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to Delete:
C:\WINDOWS\system32\57bbb2ee-.txt
C:\WINDOWS\system32\cmoapqym.ini
C:\WINDOWS\system32\DKmpYFhk.ini
C:\WINDOWS\system32\DKmpYFhk.ini2
C:\WINDOWS\system32\dstwbsoi.ini
C:\WINDOWS\system32\ffjsgeuh.dll
C:\WINDOWS\system32\fyqjhybw.ini
C:\WINDOWS\system32\hfcakb.dll
C:\WINDOWS\system32\imtgebij.dll
C:\WINDOWS\system32\kgwfxb.dll
C:\WINDOWS\system32\lorwumat.ini
C:\WINDOWS\system32\lorwumat.tmp
C:\WINDOWS\system32\rsaisxgh.dll
C:\WINDOWS\system32\spykvhev.ini
C:\WINDOWS\system32\tuCcbcdd.ini
C:\WINDOWS\system32\tuCcbcdd.ini2
C:\WINDOWS\system32\ueyecbqg.ini
C:\WINDOWS\system32\vjmdwddc.ini
C:\WINDOWS\system32\wvlmdgcp.ini
C:\WINDOWS\system32\yesusb.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Select Load Script
Select Paste from Clipboard
The information should now appear in the Open window
Select Execute
Answer Yes When prompted "Are you sure you want to execute the current script?"

4. The Avenger will automatically do the following:

It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log

E310 · Answer

Alright ... here we are, Bamajim ... fingers crossed ...

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\57bbb2ee-.txt" deleted successfully.
File "C:\WINDOWS\system32\cmoapqym.ini" deleted successfully.
File "C:\WINDOWS\system32\DKmpYFhk.ini" deleted successfully.
File "C:\WINDOWS\system32\DKmpYFhk.ini2" deleted successfully.
File "C:\WINDOWS\system32\dstwbsoi.ini" deleted successfully.
File "C:\WINDOWS\system32\ffjsgeuh.dll" deleted successfully.
File "C:\WINDOWS\system32\fyqjhybw.ini" deleted successfully.
File "C:\WINDOWS\system32\hfcakb.dll" deleted successfully.
File "C:\WINDOWS\system32\imtgebij.dll" deleted successfully.
File "C:\WINDOWS\system32\kgwfxb.dll" deleted successfully.
File "C:\WINDOWS\system32\lorwumat.ini" deleted successfully.
File "C:\WINDOWS\system32\lorwumat.tmp" deleted successfully.
File "C:\WINDOWS\system32\rsaisxgh.dll" deleted successfully.
File "C:\WINDOWS\system32\spykvhev.ini" deleted successfully.
File "C:\WINDOWS\system32\tuCcbcdd.ini" deleted successfully.
File "C:\WINDOWS\system32\tuCcbcdd.ini2" deleted successfully.
File "C:\WINDOWS\system32\ueyecbqg.ini" deleted successfully.
File "C:\WINDOWS\system32\vjmdwddc.ini" deleted successfully.
File "C:\WINDOWS\system32\wvlmdgcp.ini" deleted successfully.
File "C:\WINDOWS\system32\yesusb.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:48 PM, on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\dldncoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\liliana yepes\My Documents\Kill It\analyzer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\kellie nicolle\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL kgwfxb.dll mwrhva.dll
O20 - Winlogon Notify: qoMCUOIc - qoMCUOIc.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device - - C:\WINDOWS\system32\dldncoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12774 bytes

E310 · Answer

Hello ... can we pick this up again, please? This virus is still kicking around in here and I would LOVE to be rid of it! I could use your help as I just can't figure this out on my own. I'm sorry there is no other way to say thank you other than writing it ... please help? Thanks in advance!

bamajim · Answer

E310

Sure we can. There is a new version of FileLister so delete the old one.

1. Go HERE and download File Lister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is fnished it will produce a log for you C:\Files.txt.

Copy and paste the contents of that log in your reply.

E310 · Answer

OK ... here we are: ++++++++++++++++++++++++++++++++++ File Lister  Version 1.0.8              ++                                                                    ++  By bamajim / SpywareHammer.com ++++++++++++++++++++++++++++++++++Report ran on --->>>  4/19/2009 8:53:28 PM====== Running Processes ======C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\dldncoms.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Dell V105\dldnmon.exeC:\Program Files\Dell V105\dldnMsdMon.exeC:\Program Files\CyberLink\PCM4Everio\EverioService.exeC:\WINDOWS\system32undll32.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Microsoft Money\System\Money Express.exeC:\Program Files\SetPoint\SetPoint.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXEC:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Microsoft Money\System\urlmap.exeC:\WINDOWS\System32\WScript.exe====== BHO's ======BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllBHO: (NO NAME) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dllBHO: (NO NAME) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dllBHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllBHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllBHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllBHO: (NO NAME) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dllBHO: (NO NAME) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllBHO: (NO NAME) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllBHO: (NO NAME) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll====== HKLM\~\Run Keys ======HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[ehTray] = C:\WINDOWS\ehome\ehtray.exe[igfxtray] = C:\WINDOWS\system32\igfxtray.exe[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe[igfxpers] = C:\WINDOWS\system32\igfxpers.exe[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[SigmatelSysTrayApp] = stsystra.exe[ShowLOMControl] = 1[dla] = C:\WINDOWS\system32\dla	fswctrl.exe[QuickTime Task] = 'C:\Program Files\QuickTime\qttask.exe' -atboottime[SunJavaUpdateSched] = 'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe'[dscactivate] = 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'[YSearchProtection] = 'C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe'[Adobe Reader Speed Launcher] = 'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe'[DellSupportCenter] = 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenter[IntelZeroConfig] = 'C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe'[IntelWireless] = 'C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe' /tf Intel PROSet/Wireless[avgnt] = 'C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe' /min[MoneyStartUp10.0] = 'C:\Program Files\Microsoft Money\System\Activation.exe'[dldnmon.exe] = 'C:\Program Files\Dell V105\dldnmon.exe'[dldnamon] = 'C:\Program Files\Dell V105\dldnamon.exe'[EverioService] = 'C:\Program Files\CyberLink\PCM4Everio\EverioService.exe'[Logitech Hardware Abstraction Layer] = 'C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE'[BluetoothAuthenticationAgent] = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent[Kernel and Hardware Abstraction Layer] = KHALMNPR.EXE====== HKCU\~\Run Keys ======[msnmsgr] = 'C:\Program Files\MSN Messenger\msnmsgr.exe' /background[DellSupport] = 'C:\Program Files\DellSupport\DSAgnt.exe' /startup[DellSupportCenter] = 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenter[YSearchProtection] = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[MoneyAgent] = 'C:\Program Files\Microsoft Money\System\Money Express.exe'[swg] = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe====== DNS Info (List may be empty) ======HKEY_LOCAL_MACHINE\CCS\~\{10892A71-AF65-4848-A21E-F7B20A694436}\  NameServer= HKEY_LOCAL_MACHINE\CCS\~\{56C04BFB-A0DA-42CC-BCAF-1B8A3C3F6A7E}\  NameServer= HKEY_LOCAL_MACHINE\CCS\~\{8F7A8F04-541F-4946-BB62-CE2F12D88736}\  NameServer= HKEY_LOCAL_MACHINE\CCS\~\{93979231-B281-46CB-BDCC-85BD9610CCBC}\  NameServer= HKEY_LOCAL_MACHINE\CCS\~\{F9557693-B571-4455-9994-99D2BA679C55}\  NameServer= HKEY_LOCAL_MACHINE\CS001\~\{10892A71-AF65-4848-A21E-F7B20A694436}\  NameServer= HKEY_LOCAL_MACHINE\CS001\~\{56C04BFB-A0DA-42CC-BCAF-1B8A3C3F6A7E}\  NameServer= HKEY_LOCAL_MACHINE\CS001\~\{8F7A8F04-541F-4946-BB62-CE2F12D88736}\  NameServer= HKEY_LOCAL_MACHINE\CS001\~\{F9557693-B571-4455-9994-99D2BA679C55}\  NameServer= HKEY_LOCAL_MACHINE\CS003\~\{10892A71-AF65-4848-A21E-F7B20A694436}\  NameServer= HKEY_LOCAL_MACHINE\CS003\~\{56C04BFB-A0DA-42CC-BCAF-1B8A3C3F6A7E}\  NameServer= HKEY_LOCAL_MACHINE\CS003\~\{8F7A8F04-541F-4946-BB62-CE2F12D88736}\  NameServer= HKEY_LOCAL_MACHINE\CS003\~\{93979231-B281-46CB-BDCC-85BD9610CCBC}\  NameServer= HKEY_LOCAL_MACHINE\CS003\~\{F9557693-B571-4455-9994-99D2BA679C55}\  NameServer= ====== Folders and Files from '%\' and '%\Windows' Created Last 60 Days ======3/31/2009 11:16:16 PM    6389692    C:\c63689355dc9840dde7f7f3e75ad0c3/31/2009 11:16:27 PM    3845598    C:\c63689355dc9840dde7f7f3e75ad0c\amd643/31/2009 11:16:28 PM    2544094    C:\c63689355dc9840dde7f7f3e75ad0c\i3863/22/2009 11:10:34 AM    0    C:\MyWorks3/22/2009 11:10:34 AM    0    C:\MyWorks\EverioBackup4/15/2009 10:09:12 PM    2323395    C:\WINDOWS\$NtUninstallKB923561$4/15/2009 10:09:12 PM    626541    C:\WINDOWS\$NtUninstallKB923561$\spuninst4/15/2009 10:09:47 PM    2431677    C:\WINDOWS\$NtUninstallKB952004$4/15/2009 10:09:47 PM    627901    C:\WINDOWS\$NtUninstallKB952004$\spuninst4/15/2009 10:10:18 PM    17230059    C:\WINDOWS\$NtUninstallKB956572$4/15/2009 10:10:18 PM    634091    C:\WINDOWS\$NtUninstallKB956572$\spuninst3/31/2009 11:10:21 PM    958190    C:\WINDOWS\$NtUninstallKB958687$3/31/2009 11:10:21 PM    624366    C:\WINDOWS\$NtUninstallKB958687$\spuninst3/31/2009 11:25:52 PM    2471201    C:\WINDOWS\$NtUninstallKB958690$3/31/2009 11:25:52 PM    624801    C:\WINDOWS\$NtUninstallKB958690$\spuninst4/15/2009 10:13:02 PM    1671911    C:\WINDOWS\$NtUninstallKB959426$4/15/2009 10:13:02 PM    625895    C:\WINDOWS\$NtUninstallKB959426$\spuninst3/31/2009 11:26:12 PM    11459244    C:\WINDOWS\$NtUninstallKB959772_WM11$3/31/2009 11:26:13 PM    624300    C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst3/31/2009 11:25:41 PM    769087    C:\WINDOWS\$NtUninstallKB960225$3/31/2009 11:25:42 PM    624703    C:\WINDOWS\$NtUninstallKB960225$\spuninst3/31/2009 11:24:23 PM    738306    C:\WINDOWS\$NtUninstallKB960715$3/31/2009 11:24:23 PM    623618    C:\WINDOWS\$NtUninstallKB960715$\spuninst4/15/2009 10:09:23 PM    979270    C:\WINDOWS\$NtUninstallKB960803$4/15/2009 10:09:23 PM    624966    C:\WINDOWS\$NtUninstallKB960803$\spuninst4/1/2009 8:48:57 PM    1713080    C:\WINDOWS\$NtUninstallKB961118$4/1/2009 8:48:57 PM    624240    C:\WINDOWS\$NtUninstallKB961118$\spuninst4/15/2009 10:12:55 PM    1913418    C:\WINDOWS\$NtUninstallKB961373$4/15/2009 10:12:55 PM    625226    C:\WINDOWS\$NtUninstallKB961373$\spuninst3/31/2009 11:26:01 PM    9087142    C:\WINDOWS\$NtUninstallKB967715$3/31/2009 11:26:01 PM    625830    C:\WINDOWS\$NtUninstallKB967715$\spuninst3/16/2009 9:57:11 PM    661925    C:\WINDOWS\$NtUninstallWdf01005$3/16/2009 9:57:12 PM    661925    C:\WINDOWS\$NtUninstallWdf01005$\spuninst4/15/2009 10:08:36 PM    11994    32    C:\WINDOWS\KB923561.log4/15/2009 9:19:53 PM    20330    32    C:\WINDOWS\KB952004.log4/15/2009 10:10:11 PM    18427    32    C:\WINDOWS\KB956572.log3/31/2009 11:09:39 PM    9231    32    C:\WINDOWS\KB958687.log3/31/2009 10:57:21 PM    63636    32    C:\WINDOWS\KB958690.log4/15/2009 9:20:21 PM    31296    32    C:\WINDOWS\KB959426.log3/31/2009 11:26:11 PM    52032    32    C:\WINDOWS\KB959772.log3/31/2009 10:57:49 PM    63521    32    C:\WINDOWS\KB960225.log3/31/2009 11:24:16 PM    10779    32    C:\WINDOWS\KB960715.log4/15/2009 9:19:43 PM    18873    32    C:\WINDOWS\KB960803.log4/1/2009 8:48:07 PM    5756    32    C:\WINDOWS\KB961118.log3/31/2009 11:24:32 PM    24867    32    C:\WINDOWS\KB961260-IE7.log4/15/2009 9:20:27 PM    30453    32    C:\WINDOWS\KB961373.log4/15/2009 9:20:05 PM    105112    32    C:\WINDOWS\KB963027-IE7.log3/31/2009 10:57:32 PM    64719    32    C:\WINDOWS\KB967715.log2/27/2009 12:42:24 AM    101136    32    C:\WINDOWS\KHALMNPR.Exe3/16/2009 9:56:39 PM    7245    32    C:\WINDOWS\Wdf01005Inst.log4/6/2009 7:28:01 AM    86016    C:\WINDOWS\system32\Dell4/6/2009 7:28:01 AM    86016    C:\WINDOWS\system32\Dell\SystemProfiler3/31/2009 11:17:17 PM    379588    C:\WINDOWS\system32\XPSViewer3/31/2009 11:17:17 PM    3584    C:\WINDOWS\system32\XPSViewer\en-US3/13/2009 1:27:15 PM    21504    32    C:\WINDOWS\system32\hidserv.dll3/16/2009 9:53:48 PM    151552    32    C:\WINDOWS\system32\irftp.exe3/16/2009 9:53:48 PM    28160    32    C:\WINDOWS\system32\irmon.dll2/27/2009 12:42:15 AM    163840    32    C:\WINDOWS\system32\kemutb.dll2/27/2009 12:42:15 AM    131072    32    C:\WINDOWS\system32\KemUtil.dll2/27/2009 12:42:15 AM    110592    32    C:\WINDOWS\system32\KemWnd.dll2/27/2009 12:42:15 AM    69632    32    C:\WINDOWS\system32\KemXML.dll3/22/2009 1:56:09 PM    57344    32    C:\WINDOWS\system32\lfbmp13n.dll3/22/2009 1:56:09 PM    401408    32    C:\WINDOWS\system32\lfcmp13n.dll3/22/2009 1:56:09 PM    69632    32    C:\WINDOWS\system32\lfgif13n.dll3/22/2009 1:56:09 PM    299008    32    C:\WINDOWS\system32\ltdis13n.dll3/22/2009 1:56:09 PM    206336    32    C:\WINDOWS\system32\ltefx13n.dll3/22/2009 1:56:09 PM    163840    32    C:\WINDOWS\system32\ltfil13n.dll3/22/2009 1:56:09 PM    450560    32    C:\WINDOWS\system32\ltimg13n.dll3/22/2009 1:56:09 PM    462848    32    C:\WINDOWS\system32\ltkrn13n.dll3/31/2009 10:53:56 PM    268648    32    C:\WINDOWS\system32\mucltui.dll3/31/2009 10:53:56 PM    27496    32    C:\WINDOWS\system32\mucltui.dll.mui3/31/2009 11:16:16 PM    117760    0    C:\WINDOWS\system32\prntvpt.dll2/27/2009 12:42:24 AM    1419024    32    C:\WINDOWS\system32\WdfCoInstaller01005.dll3/16/2009 9:53:48 PM    8192    32    C:\WINDOWS\system32\wshirda.dll4/15/2009 9:19:38 PM    2560    0    C:\WINDOWS\system32\xpsp4res.dll3/31/2009 11:16:16 PM    575488    0    C:\WINDOWS\system32\xpsshhdr.dll3/31/2009 11:16:16 PM    1676288    0    C:\WINDOWS\system32\xpssvcs.dll====== Files under '\Administrator\Startup' Last 60 Days============ Files under '\All Users\Startup' Last 60 Days======2/27/2009 12:42:12 AM    1363    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk====== Folders under '\Program Files' Last 60 Days======3/27/2009 5:56:07 PM    2031993    C:\Program Files\FLV Player3/31/2009 11:17:09 PM    25757    C:\Program Files\MSBuild3/31/2009 11:17:09 PM    25757    C:\Program Files\MSBuild\Microsoft3/31/2009 11:17:09 PM    25757    C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation3/31/2009 11:17:09 PM    9908    C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.03/31/2009 11:18:22 PM    15849    C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.53/31/2009 11:16:55 PM    36351745    C:\Program Files\Reference Assemblies3/31/2009 11:16:55 PM    36351745    C:\Program Files\Reference Assemblies\Microsoft3/31/2009 11:16:56 PM    36351745    C:\Program Files\Reference Assemblies\Microsoft\Framework3/31/2009 11:16:56 PM    25513451    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.03/31/2009 11:17:04 PM    5682    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList3/31/2009 11:18:22 PM    3495    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList3/31/2009 11:18:22 PM    10838294    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.53/31/2009 11:18:39 PM    12192    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList3/31/2009 11:18:22 PM    3446    C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList2/27/2009 12:41:59 AM    12609380    C:\Program Files\SetPoint2/27/2009 12:41:59 AM    2470624    C:\Program Files\SetPoint\Images2/27/2009 12:41:59 AM    471225    C:\Program Files\SetPoint\Images\AdvancedXY2/27/2009 12:42:00 AM    177737    C:\Program Files\SetPoint\Images\AdvancedXY\dial_frames2/27/2009 12:42:00 AM    106348    C:\Program Files\SetPoint\Images\AdvancedXY\dial_frames\active2/27/2009 12:42:00 AM    71389    C:\Program Files\SetPoint\Images\AdvancedXY\dial_frames
ormal2/27/2009 12:42:35 AM    2169186    C:\Program Files\SetPoint\LBTServ Images2/27/2009 12:42:01 AM    1472602    C:\Program Files\SetPoint\Macros2/27/2009 12:42:01 AM    30508    C:\Program Files\SetPoint\Sounds====== Files under '\System32\Drivers' Last 60 Days======3/16/2009 9:46:26 PM    37296    33    C:\WINDOWS\system32\drivers\btusbflt.sys2/27/2009 12:42:24 AM    32272    32    C:\WINDOWS\system32\drivers\LHidFilt.Sys2/27/2009 12:42:25 AM    32528    32    C:\WINDOWS\system32\drivers\LMouFilt.Sys3/16/2009 9:57:35 PM    0    34    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf3/16/2009 9:57:37 PM    0    34    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf====== Files Deleted under '%Temp%' ======C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\94I0XI6S.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ASPNETSetup_00000.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ASPNETSetup_00001.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\AUInst.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\avenger.zipC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\BBCHWUQ0.htmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_clwireg.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_depcheck_NETFX_EXP_35.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_dotnetfx35error.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_dotnetfx35install.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_NET_Framework20_Setup37D4.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_NET_Framework30_Setup3B14.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_NET_Framework35_MSI3C47.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_RGB9RAST_x86.msi37C0.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_wcf_retCA4537.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_wcf_retCA64A8.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dd_XPS.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\dldnscan.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_0GLToBaw4XrJg4n9QE0aC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_gdUwVFDkSiQHsfBa0xM4C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_pmyFvOITpEtTSUICcFVyC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\etilqs_UHx5Hd9P4vJrSNf0JPcUC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\FN8KS934.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC36.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IEC48.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT107.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT108.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT109.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT111.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT112.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT113.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT1F.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT20.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT21.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT28.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT29.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT2A.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT37.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT39.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT3A.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT3C.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT3D.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT3E.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT3F.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT40.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT41.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT61.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT62.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\IMT63.xmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\is61.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\java_install_reg.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET3524.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JET3C8B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETC270.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\JETCBAC.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\jusched.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\K1TM8HIJ.htmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\L6D8F60V.htmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\logger.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB958481_20090401_031918062-Msi0.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB958481_20090401_031918062.htmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20090401_032304234-Msi0.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20090401_032304234.htmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB958484_20090401_032349562-Msi0.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB958484_20090401_032349562.htmlC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\MLH42QZW.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\oUSXCST6.zip.partC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\S42TUSSW.htmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\ScanMsgData.lxkC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\setAF.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si34.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si4C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\si8D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Silverlight0.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\SilverlightMSI.logC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp	mp70.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp	mp73.RTFC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp	mp85.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp	mp87.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\TWAIN.LOGC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twain001.MtxC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twunk001.MTXC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\Twunk002.MTXC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\UDFBridgeFile.ADHMC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\uxeventlog.txtC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\VGTKBZW4.emfC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wlsetup-cvr.exeC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\wmplog00.sqmC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\_isdelet.iniC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~135def1b83f1c1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~135def1b83f1c1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~13a4e85914b1aa1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~13a4e85914b1aa1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~13a4e877138eae1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~13a4e877138eae1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~14f1600e16f8f11c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~14f1600e16f8f11c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~15dec826c9a91c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~15dec826c9a91c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~15decacc1a641c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~15decacc1a641c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~175dec8b5cb381c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~175dec8b5cb381c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~175def1b76a171c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~175def1b76a171c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~18f1600811927c1c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~18f1600811927c1c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~18f16035692c51c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~18f16035692c51c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1a4e85061e151c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1a4e85061e151c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1a548d5edfc541c748b441e22000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1a548d5edfc541c748b441e22000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1b5658477f4991c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1b5658477f4991c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1cf1600814e5491c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1cf1600814e5491c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1da4e84c76aff1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1da4e84c76aff1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1da4e871134f461c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1da4e871134f461c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec815cd311c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec815cd311c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec859a2721c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec859a2721c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec987863c1c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5dec987863c1c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5decac9dfe91c963b0606e3900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5decac9dfe91c963b0606e3900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5decbf7977d1c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5decbf7977d1c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def1184cd81c963b099a6a900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def1184cd81c963b099a6a900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def155989e1c963b09ad7d600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def155989e1c963b09ad7d600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def2f7898f1c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~1f5def2f7898f1c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~22f1600811d8841c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~22f1600811d8841c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec81894be1c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec81894be1c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec85c47bf1c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec85c47bf1c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec986f73c1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235dec986f73c1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235decbf7d62b1c963b02866f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235decbf7d62b1c963b02866f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235def1157f571c963b09d3a3000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235def1157f571c963b09d3a3000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235def2f7e7f11c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~235def2f7e7f11c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~255def1a8816e1c963b067954700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~255def1a8816e1c963b067954700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~25a4e84d5add31c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~25a4e84d5add31c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~25a4e87013620e1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~25a4e87013620e1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~26548d5e1071851c7224f8c99d100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~26548d5e1071851c7224f8c99d100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2756584712fc951c8a61e78719b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2756584712fc951c8a61e78719b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~295def1b6d41c1c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~295def1b6d41c1c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e84313bdde1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e84313bdde1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e85a1290ca1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e85a1290ca1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e85e149bcc1c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e85e149bcc1c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e86413f6311c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2da4e86413f6311c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2ef160091552f91c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2ef160091552f91c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2ef1603465e7b1c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~2ef1603465e7b1c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e84312b12d1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e84312b12d1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e85a12c5991c9a966410e8a00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e85a12c5991c9a966410e8a00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e85e140ffc1c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e85e140ffc1c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e8641363c11c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~31a4e8641363c11c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~34f1600e15e6b61c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~34f1600e15e6b61c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375658515acaa1c8aa48ba4c7800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375658515acaa1c8aa48ba4c7800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375658555ff571c8aad8c7b14300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375658555ff571c8aad8c7b14300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375decab95bcd1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375decab95bcd1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375def0683e561c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~375def0683e561c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~37a4e851686b11c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~37a4e851686b11c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3956585b9e91c1c8a61e963f0000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3956585b9e91c1c8a61e963f0000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3a548d5ef99f41c748b43858b800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3a548d5ef99f41c748b43858b800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3ba4e850645ad1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3ba4e850645ad1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3cf1602811e5cf1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3cf1602811e5cf1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec81609d21c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec81609d21c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec858b1421c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec858b1421c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec989900b1c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5dec989900b1c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5decaca87001c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5decaca87001c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5decbf72f291c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5decbf72f291c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5def1564b491c963b09ad7d600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5def1564b491c963b09ad7d600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5def2f7a2631c963b06401c000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~3f5def2f7a2631c963b06401c000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~415decab94d661c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~415decab94d661c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~415def067817f1c963b06401c000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~415def067817f1c963b06401c000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e8421264081c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e8421264081c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e85f105ea01c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e85f105ea01c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e86510da1f1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~41a4e86510da1f1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f1601c14ba851c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f1601c14ba851c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f160221409611c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f160221409611c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f1602612bd981c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~44f1602612bd981c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4548d42121ab81c7224f8dcafe00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4548d42121ab81c7224f8dcafe00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e8421aefd61c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e8421aefd61c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e85bf29f71c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e85bf29f71c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e85f1445111c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e85f1445111c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e86511aa351c9a96633f19b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~45a4e86511aa351c9a96633f19b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4a548d431179581c7224f8dcafe00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4a548d431179581c7224f8dcafe00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4da4e8516a9a51c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4da4e8516a9a51c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f160296bf231c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f160296bf231c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f56585b689871c8a70070a1900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f56585b689871c8a70070a1900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f5dec834b4581c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~4f5dec834b4581c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~51565846a3a941c8a61e832c3000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~51565846a3a941c8a61e832c3000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~52548d5f137af81c748b59f2aa100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~52548d5f137af81c748b59f2aa100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec806afa31c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec806afa31c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec847721b1c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec847721b1c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec997a3bd1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535dec997a3bd1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535decad71a4a1c963b0606e3900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535decad71a4a1c963b0606e3900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535decbe5944a1c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535decbe5944a1c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def10965141c963b099a6a900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def10965141c963b099a6a900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def14554cb1c963b09c090300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def14554cb1c963b09c090300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def2e543651c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~535def2e543651c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~53a4e8701598f11c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~53a4e8701598f11c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5461e9f728171c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5461e9f728171c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~54f16009115f091c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~54f16009115f091c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~56548d5f13dce11c748b58e7a2b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~56548d5f13dce11c748b58e7a2b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec80afd1d1c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec80afd1d1c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec84b66031c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec84b66031c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec99545db1c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575dec99545db1c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575decbe6123b1c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575decbe6123b1c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def10524471c963b09ad7d600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def10524471c963b09ad7d600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def145a2471c963b09c090300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def145a2471c963b09c090300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def2e6f0661c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~575def2e6f0661c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5a4e85012d9591c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5a4e85012d9591c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5d56584710e7391c89d7417bba600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5d56584710e7391c89d7417bba600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5da4e858dfcec1c9a9664a97f200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5da4e858dfcec1c9a9664a97f200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5da4e87610f3b71c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~5da4e87610f3b71c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~60548d5e11d9ab1c748b426771500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~60548d5e11d9ab1c748b426771500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~62f1600f11d6461c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~62f1600f11d6461c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~635dec8a50d6b1c963b02866f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~635dec8a50d6b1c963b02866f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~635def1a715831c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~635def1a715831c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec817bc031c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec817bc031c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec857fe611c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec857fe611c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec98886f61c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655dec98886f61c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655decacb3d021c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655decacb3d021c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655decbf607e71c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655decbf607e71c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def116ac2d1c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def116ac2d1c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def154ebf71c963b09ad7d600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def154ebf71c963b09ad7d600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def2f8c6791c963b06401c000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~655def2f8c6791c963b06401c000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~65a4e859f32701c9a9664bc91f00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~65a4e859f32701c9a9664bc91f00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~65a4e8771080831c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~65a4e8771080831c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~68f1600912ee731c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~68f1600912ee731c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~68f1603473bed1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~68f1603473bed1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~69461e9e665c71c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~69461e9e665c71c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695dec8482ce61c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695dec8482ce61c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695dec9974bc01c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695dec9974bc01c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695decbe7cd001c963b02866f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695decbe7cd001c963b02866f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def108a9f61c963b099a6a900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def108a9f61c963b099a6a900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def14558121c963b09e6b5d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def14558121c963b09e6b5d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def2e837d81c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~695def2e837d81c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6b56584673c481c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6b56584673c481c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6c548d5f11a5e01c748b56f7b9900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6c548d5f11a5e01c748b56f7b9900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6da4e851697bf1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6da4e851697bf1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6ef1600e14321d1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6ef1600e14321d1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6f56584673fd71c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~6f56584673fd71c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~71a4e85112f6f11c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~71a4e85112f6f11c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~74f16009108e191c9a96648359800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~74f16009108e191c9a96648359800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~74f16034835851c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~74f16034835851c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~756584710e5031c89d742e61fd00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~756584710e5031c89d742e61fd00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7756585ac77a51c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7756585ac77a51c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~775dec828a8951c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~775dec828a8951c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~775decac9d06f1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~775decac9d06f1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e84312c7211c9a96648359800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e84312c7211c9a96648359800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e85a1489ce1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e85a1489ce1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e85e17152c1c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e85e17152c1c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e8641535431c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~77a4e8641535431c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7956586e651e71c8aa473e056500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7956586e651e71c8aa473e056500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e85b1689901c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e85b1689901c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e85f10ec0a1c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e85f10ec0a1c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e8651400771c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7ba4e8651400771c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf1601d1196681c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf1601d1196681c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf1602312cb171c9a966410e8a00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf1602312cb171c9a966410e8a00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf160271428221c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7cf160271428221c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7f5def1a9561f1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~7f5def1a9561f1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec81764be1c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec81764be1c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec859a9471c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec859a9471c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec98963561c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815dec98963561c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815decacbdf891c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815decacbdf891c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815decbf5a1e81c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815decbf5a1e81c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def11828571c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def11828571c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def15528b21c963b09ad7d600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def15528b21c963b09ad7d600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def2f81bfd1c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~815def2f81bfd1c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~81a4e84c692c51c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~81a4e84c692c51c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~81a4e87111927c1c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~81a4e87111927c1c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~84f16008134f461c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~84f16008134f461c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~84f1603576aff1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~84f1603576aff1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~85a4e87114e5491c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~85a4e87114e5491c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8756585b7f9401c89d7393692300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8756585b7f9401c89d7393692300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8af1600e138eae1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8af1600e138eae1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8da4e8591695121c9a9664a97f200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8da4e8591695121c9a9664a97f200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8da4e87716f8f11c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8da4e87716f8f11c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8f5def1b8a51b1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~8f5def1b8a51b1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~915658516afca1c8aad86ab58d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~915658516afca1c8aad86ab58d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9156586f61fb51c8aa4832666e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9156586f61fb51c8aa4832666e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~935def0770d2d1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~935def0770d2d1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e843122f581c9a96648359800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e843122f581c9a96648359800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e85a1257671c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e85a1257671c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e85efb0781c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e85efb0781c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e8641191471c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e8641191471c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e877d3fa41c9a9664cfa4c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~93a4e877d3fa41c9a9664cfa4c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f1601d13b97e1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f1601d13b97e1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f1602315fd041c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f1602315fd041c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f160271240741c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~94f160271240741c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~975decaac4e281c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~975decaac4e281c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~975def078b0411c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~975def078b0411c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~98f1602961e151c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~98f1602961e151c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9a548d4211bace1c748b5a782dc00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9a548d4211bace1c748b5a782dc00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9b56585bc223b1c8a7008697e800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9b56585bc223b1c8a7008697e800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9cf1602912d9591c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9cf1602912d9591c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9d5658506849f1c8aa48a86ad500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9d5658506849f1c8aa48a86ad500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9d56586e61ebc1c8aa4752496200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9d56586e61ebc1c8aa4752496200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9da4e8506bf231c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9da4e8506bf231c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9f5dec826bd161c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9f5dec826bd161c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9f5decac72b331c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~9f5decac72b331c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a2f16029645ad1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a2f16029645ad1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a35dec8271b171c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a35dec8271b171c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a35decacb9cb91c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a35decacb9cb91c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a55def0666d421c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a55def0666d421c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a5a4e85111e5cf1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a5a4e85111e5cf1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a756585b7c7731c89d7393692300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a756585b7c7731c89d7393692300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f1601d1363c11c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f1601d1363c11c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f1602312c5991c9a966410e8a00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f1602312c5991c9a966410e8a00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f16027140ffc1c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a8f16027140ffc1c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a95def075952f1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~a95def075952f1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ab565851652d21c8aad8730dc800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ab565851652d21c8aad8730dc800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ab56586f6450a1c8aa485629b400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ab56586f6450a1c8aa485629b400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ada4e859e1edb1c9a9664a97f200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ada4e859e1edb1c9a9664a97f200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ada4e87715e6b61c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ada4e87715e6b61c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~aef16028686b11c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~aef16028686b11c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af1601d1191471c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af1601d1191471c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af160231257671c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af160231257671c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af16027fb0781c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af16027fb0781c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af56586f59d5b1c8aa48896c4300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~af56586f59d5b1c8aa48896c4300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b1a4e859e72341c9a9664cfa4c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b1a4e859e72341c9a9664cfa4c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b1a4e8771012bd1c9a96648359800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b1a4e8771012bd1c9a96648359800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f1601d13f6311c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f1601d13f6311c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f160231290ca1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f160231290ca1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f16027149bcc1c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b4f16027149bcc1c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b75dec8a55a9f1c963b02866f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b75dec8a55a9f1c963b02866f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b75def1a961dc1c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b75def1a961dc1c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b7a4e84d65e7b1c9a9662f2ce700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b7a4e84d65e7b1c9a9662f2ce700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b7a4e8701552f91c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~b7a4e8701552f91c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ba548d421138261c7224f8dcafe00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ba548d421138261c7224f8dcafe00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bba4e87111d8841c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bba4e87111d8841c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bcf1600913620e1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bcf1600913620e1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bcf160345add31c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bcf160345add31c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bf5dec825d2d81c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bf5dec825d2d81c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bf5decac7bc981c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~bf5decac7bc981c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c15def1a86a991c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c15def1a86a991c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c1a4e85815d1a11c9a9664bc91f00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c1a4e85815d1a11c9a9664bc91f00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c1a4e87613b93b1c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c1a4e87613b93b1c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c4f1600f10f3b71c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c4f1600f10f3b71c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5a4e858fef731c9a9664cfa4c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5a4e858fef731c9a9664cfa4c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5a4e876123d3a1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5a4e876123d3a1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5bc91b218cd31c8394bd6416700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c5bc91b218cd31c8394bd6416700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c75658545976b1c8aad8d7308c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c75658545976b1c8aad8d7308c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c9461e825d9cf1c963b026049c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~c9461e825d9cf1c963b026049c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ca548d5f10bbb41c7224f8c99d100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ca548d5f10bbb41c7224f8c99d100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~caf160091598f11c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~caf160091598f11c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cda4e870115f091c9a96644a21100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cda4e870115f091c9a96644a21100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf565847792db1c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf565847792db1c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec807c6ac1c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec807c6ac1c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec846be381c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec846be381c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec998ebe81c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5dec998ebe81c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5decad6b8271c963b0606e3900.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5decad6b8271c963b0606e3900.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5decbe629fa1c963b029982300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5decbe629fa1c963b029982300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5def1084aaa1c963b06401c000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5def1084aaa1c963b06401c000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5def145173c1c963b09c090300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~cf5def145173c1c963b09c090300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d156585a81e651c89d7393692300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d156585a81e651c89d7393692300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d35dec837733c1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d35dec837733c1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d35decad9c06b1c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d35decad9c06b1c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d4f160286a9a51c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d4f160286a9a51c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d75dec83b02c51c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d75dec83b02c51c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d75decad592121c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d75decad592121c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d8f1601c10da1f1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d8f1601c10da1f1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d8f16026105ea01c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~d8f16026105ea01c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e84312740b1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e84312740b1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e85a15fd041c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e85a15fd041c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e85e1240741c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e85e1240741c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e86413b97e1c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~da4e86413b97e1c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf1601c11aa351c9a96633f19b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf1601c11aa351c9a96633f19b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf16022f29f71c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf16022f29f71c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf160261445111c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dcf160261445111c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dd56585bb9e8b1c89d739237f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dd56585bb9e8b1c89d739237f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e842108d871c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e842108d871c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e85b1409611c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e85b1409611c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e85f12bd981c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e85f12bd981c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e86514ba851c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~dda4e86514ba851c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~de7261a6701131c966f995a0c100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~de7261a6701131c966f995a0c100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF111C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1235.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF132D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF143F.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1530.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1992.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1AD8.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1BFE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1D6E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF1F1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF22F2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF23B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2609.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2876.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2D66.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2E43.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF2F62.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3022.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3186.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3279.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF32A2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF349E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF398C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3B48.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3C20.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3C81.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3D3B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF3F51.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4165.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF429D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF434E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF43B6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4492.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF46E4.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4752.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF47EC.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF48B8.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4A0D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4BE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4C43.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4ED9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4F06.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF4FA1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5DB6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF5F8B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF60D2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF61C3.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF61D0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6499.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF6501.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF666D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF67D6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF68B4.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF693.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF74FA.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF755A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7700.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF77ED.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7859.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7AB5.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7D0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF7EFB.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF823.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF846E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8605.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF89FE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8A25.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF8A9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9137.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF94FB.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF95C9.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF96A0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF98D7.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9922.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9992.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9CE2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DF9F7B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFA09B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFA490.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFAC8B.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB4CD.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB640.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB6B7.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB6E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB726.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB738.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB791.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFB825.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBB86.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBBE0.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBCB6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBECE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFBF4A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFC365.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFC425.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFC9C6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFCAC6.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFCC14.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD421.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD5F1.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD647.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFD819.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFDF9E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE0A8.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE29C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE5C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE5E.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE607.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFE7AB.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEB89.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEC56.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEC62.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFED2C.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEF62.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFEF8D.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF029.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF28A.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF310.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF326.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF42.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF5A7.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF5DE.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF6AC.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF831.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFF9FC.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFA16.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFCF2.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~DFFEBC.tmpC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e0548d4213b5771c7224f8dcafe00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e0548d4213b5771c7224f8dcafe00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f1601c1400771c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f1601c1400771c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f160221689901c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f160221689901c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f1602610ec0a1c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e2f1602610ec0a1c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e35decab9524e1c963b05ba98500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e35decab9524e1c963b05ba98500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e35def0686ca11c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e35def0686ca11c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e55dec82865081c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e55dec82865081c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e55decaca1c991c963b05cdab200.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e55decaca1c991c963b05cdab200.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e843ba7d91c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e843ba7d91c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e85a12cb171c9a966410e8a00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e85a12cb171c9a966410e8a00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e85e1428221c9a9664370e400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e85e1428221c9a9664370e400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e8641196681c9a966318f4100.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e5a4e8641196681c9a966318f4100.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e7565850664d11c8aad85b364400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e7565850664d11c8aad85b364400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e756586e6814e1c8aa481cf14400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e756586e6814e1c8aa481cf14400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e8f1602812f6f11c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e8f1602812f6f11c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e95dec8357d771c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~e95dec8357d771c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eb56585a534b01c89d7393692300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eb56585a534b01c89d7393692300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ec548d431249191c7224f8dcafe00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ec548d431249191c7224f8dcafe00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eda4e84d835851c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eda4e84d835851c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eda4e870108e191c9a96648359800.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eda4e870108e191c9a96648359800.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef1601d1535431c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef1601d1535431c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef160231489ce1c9a96632c06e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef160231489ce1c9a96632c06e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef1602717152c1c9a966423fb700.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~eef1602717152c1c9a966423fb700.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ef56585a5e1051c8aa47bf40300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ef56585a5e1051c8aa47bf40300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f1a4e84d73bed1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f1a4e84d73bed1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f1a4e87012ee731c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f1a4e87012ee731c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f2548d5efeeb41c748b598039300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f2548d5efeeb41c748b598039300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f4f16028697bf1c9a966305e1400.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f4f16028697bf1c9a966305e1400.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f56586e663091c8aa4866da2a00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f56586e663091c8aa4866da2a00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f5def07729d51c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f5def07729d51c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f756584612122e1c89d7422763b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f756584612122e1c89d7422763b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec81722cc1c963b02ac95000.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec81722cc1c963b02ac95000.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec85b05e71c963b02bfa7d00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec85b05e71c963b02bfa7d00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec987e7601c963b05e0bdf00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75dec987e7601c963b05e0bdf00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75decaca3caf1c963b05f3d0c00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75decaca3caf1c963b05f3d0c00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75decbf638631c963b02866f600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75decbf638631c963b02866f600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75def15609241c963b09c090300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75def15609241c963b09c090300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75def2f7cee41c963b062d09300.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f75def2f7cee41c963b062d09300.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f7a4e859e141c1c9a9664966c500.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f7a4e859e141c1c9a9664966c500.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f7a4e87714321d1c9a96645d33e00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~f7a4e87714321d1c9a96645d33e00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~fba4e858113af61c9a9664bc91f00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~fba4e858113af61c9a9664bc91f00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~fba4e87611d6461c9a96647046b00.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~fba4e87611d6461c9a96647046b00.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ff5def065b6e81c963b0619f6600.jpdC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ff5def065b6e81c963b0619f6600.jpgC:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\~ROMFN_00000978842 Files deleted====== Files and Folders under 'All Users\Application Data' Last 60 Days======4/5/2009 10:31:24 AM    14477    C:\Documents and Settings\All Users\Application Data\Google Updater4/5/2009 10:31:28 AM    0    C:\Documents and Settings\All Users\Application Data\Google Updater\cache4/5/2009 10:31:28 AM    90    C:\Documents and Settings\All Users\Application Data\Google Updater\history4/5/2009 10:31:24 AM    14387    C:\Documents and Settings\All Users\Application Data\Google Updater\icons2/27/2009 12:42:01 AM    18049794    C:\Documents and Settings\All Users\Application Data\Logitech2/27/2009 12:42:01 AM    18049794    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint2/27/2009 12:42:01 AM    18049794    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices2/27/2009 12:42:01 AM    1473    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Audio2/27/2009 12:42:01 AM    1473    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Audio\50000012/27/2009 12:42:01 AM    33177    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display2/27/2009 12:42:01 AM    3019    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000012/27/2009 12:42:01 AM    665    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000022/27/2009 12:42:01 AM    395    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000032/27/2009 12:42:01 AM    1110    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000042/27/2009 12:42:01 AM    2955    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000052/27/2009 12:42:01 AM    23045    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000062/27/2009 12:42:01 AM    6068    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\4000006\hbmps2/27/2009 12:42:01 AM    1988    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Display\40000082/27/2009 12:42:01 AM    7543155    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard2/27/2009 12:42:01 AM    9376    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200000F2/27/2009 12:42:01 AM    11199    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000272/27/2009 12:42:01 AM    5185    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000282/27/2009 12:42:01 AM    14498    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000292/27/2009 12:42:01 AM    18814    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002A2/27/2009 12:42:01 AM    15177    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002B2/27/2009 12:42:01 AM    14716    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002C2/27/2009 12:42:01 AM    21111    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002D2/27/2009 12:42:01 AM    5240    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002E2/27/2009 12:42:01 AM    10902    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200002F2/27/2009 12:42:01 AM    708221    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000312/27/2009 12:42:02 AM    9257    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000322/27/2009 12:42:02 AM    13651    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000332/27/2009 12:42:02 AM    158933    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000342/27/2009 12:42:02 AM    22800    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000352/27/2009 12:42:02 AM    13220    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000362/27/2009 12:42:02 AM    10415    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000372/27/2009 12:42:02 AM    9779    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000382/27/2009 12:42:02 AM    4126    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000392/27/2009 12:42:02 AM    15829    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200003a2/27/2009 12:42:02 AM    10887    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200003b2/27/2009 12:42:02 AM    5185    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200003C2/27/2009 12:42:02 AM    12664    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200004C2/27/2009 12:42:02 AM    9694    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200004D2/27/2009 12:42:02 AM    10005    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\200004E2/27/2009 12:42:02 AM    1232205    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000502/27/2009 12:42:02 AM    6694    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000512/27/2009 12:42:02 AM    83091    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000522/27/2009 12:42:02 AM    3068    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000532/27/2009 12:42:02 AM    670428    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000542/27/2009 12:42:02 AM    2004958    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000552/27/2009 12:42:03 AM    342804    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000562/27/2009 12:42:03 AM    564939    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000572/27/2009 12:42:03 AM    470923    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\20000582/27/2009 12:42:03 AM    899757    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\AresFamily2/27/2009 12:42:03 AM    99442    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\CommonIcons2/27/2009 12:42:07 AM    23962    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Keyboard\generic2/27/2009 12:42:01 AM    10470162    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice2/27/2009 12:42:07 AM    4249    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100000F2/27/2009 12:42:07 AM    4260    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000102/27/2009 12:42:07 AM    1736    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000162/27/2009 12:42:07 AM    1739    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000172/27/2009 12:42:07 AM    1444    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100001F2/27/2009 12:42:07 AM    1444    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000202/27/2009 12:42:07 AM    4220    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000372/27/2009 12:42:07 AM    4216    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000382/27/2009 12:42:07 AM    4226    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000392/27/2009 12:42:07 AM    4237    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003A2/27/2009 12:42:07 AM    4230    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003B2/27/2009 12:42:07 AM    2385    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003C2/27/2009 12:42:07 AM    2446    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003D2/27/2009 12:42:07 AM    1414    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003E2/27/2009 12:42:08 AM    1419    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100003F2/27/2009 12:42:08 AM    4775    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000402/27/2009 12:42:08 AM    6284    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000412/27/2009 12:42:08 AM    2150    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000422/27/2009 12:42:08 AM    3933    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000432/27/2009 12:42:08 AM    3950    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000442/27/2009 12:42:08 AM    4482    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000452/27/2009 12:42:08 AM    3563    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000462/27/2009 12:42:08 AM    3563    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000472/27/2009 12:42:08 AM    181273    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000482/27/2009 12:42:08 AM    290032    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000492/27/2009 12:42:08 AM    158508    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004A2/27/2009 12:42:08 AM    3891    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004B2/27/2009 12:42:08 AM    1455    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004C2/27/2009 12:42:08 AM    1460    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004D2/27/2009 12:42:08 AM    1475    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004E2/27/2009 12:42:08 AM    1463    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100004F2/27/2009 12:42:08 AM    1472    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000502/27/2009 12:42:08 AM    285167    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000512/27/2009 12:42:09 AM    5059    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000522/27/2009 12:42:09 AM    3407    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000532/27/2009 12:42:09 AM    3490    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000542/27/2009 12:42:09 AM    5942    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000552/27/2009 12:42:09 AM    3835    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000562/27/2009 12:42:09 AM    95447    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000572/27/2009 12:42:09 AM    4752    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000582/27/2009 12:42:09 AM    278353    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000592/27/2009 12:42:09 AM    150334    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005A2/27/2009 12:42:09 AM    150399    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005B2/27/2009 12:42:09 AM    1438    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005C2/27/2009 12:42:09 AM    5853    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005D2/27/2009 12:42:09 AM    2436    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005e2/27/2009 12:42:09 AM    409142    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100005F2/27/2009 12:42:09 AM    2060    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000602/27/2009 12:42:09 AM    153520    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000612/27/2009 12:42:09 AM    172277    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000622/27/2009 12:42:09 AM    240709    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000632/27/2009 12:42:09 AM    2204    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000642/27/2009 12:42:09 AM    264787    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000652/27/2009 12:42:09 AM    298967    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000672/27/2009 12:42:09 AM    2063    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000682/27/2009 12:42:09 AM    413505    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000692/27/2009 12:42:09 AM    284039    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006A2/27/2009 12:42:09 AM    532860    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006B2/27/2009 12:42:10 AM    223284    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C2/27/2009 12:42:10 AM    531948    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D2/27/2009 12:42:10 AM    596972    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006E2/27/2009 12:42:10 AM    391100    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006F2/27/2009 12:42:10 AM    203746    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000702/27/2009 12:42:10 AM    340842    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000712/27/2009 12:42:10 AM    1446    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000722/27/2009 12:42:10 AM    1590    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000732/27/2009 12:42:10 AM    81348    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000742/27/2009 12:42:10 AM    303400    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\10000792/27/2009 12:42:10 AM    137202    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\AddaxFamily2/27/2009 12:42:10 AM    152308    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\Duke Familly2/27/2009 12:42:10 AM    116689    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\ElFamily2/27/2009 12:42:10 AM    33234    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\generic2/27/2009 12:42:11 AM    372962    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\MMY1012/27/2009 12:42:09 AM    170073    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\MombasaFamily2/27/2009 12:42:11 AM    1041066    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\MX8ButtonFamily2/27/2009 12:42:11 AM    383431    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\M_S692/27/2009 12:42:11 AM    312955    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\ROEM_SantaFeFamily2/27/2009 12:42:11 AM    355466    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\SantaFeFamily2/27/2009 12:42:11 AM    229661    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\TaosFamily2/27/2009 12:42:01 AM    1827    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver2/27/2009 12:42:11 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000002/27/2009 12:42:11 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000092/27/2009 12:42:11 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000132/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000142/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000152/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000162/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000172/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\30000182/27/2009 12:42:12 AM    203    C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\Receiver\300001A4/8/2009 9:27:21 PM    168108    C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R4/8/2009 9:27:21 PM    168108    C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R\LxThumbs4/8/2009 9:27:30 PM    168108    C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R\LxThumbs\36915de5====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo DownloaderC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell QuickSetC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupportC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncherC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\Google Desktop SearchC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM StartupC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSSchedulerC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelperC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\MimBootC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTrayC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\ModemOnHoldC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGSC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\MsnMsgrC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime TaskC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTrayC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSchedC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! PagerC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\YBrowserC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKLM\Software\microsoft\shared tools\msconfig\startupreg\ymetrayC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe====== Services ( Services that are Whitelisted are not shown) ======Abiosdsk (Abiosdsk)-  - Disabled/Stoppedabp480n5 (abp480n5)- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS - Disabled/StoppedACPI (Microsoft ACPI Driver)- C:\WINDOWS\system32\DRIVERS\ACPI.sys - Boot/RunningACPIEC (ACPIEC)- C:\WINDOWS\system32\drivers\ACPIEC.sys - Disabled/Stoppedadpu160m (adpu160m)- C:\WINDOWS\system32\DRIVERS\adpu160m.sys - Disabled/Stoppedaec (Microsoft Kernel Acoustic Echo Canceller)- C:\WINDOWS\system32\drivers\aec.sys - Manual/StoppedAegisP (AEGIS Protocol (IEEE 802.1x) v3.7.4.0)- C:\WINDOWS\system32\DRIVERS\AegisP.sys - Auto/RunningAFD (AFD)- C:\WINDOWS\system32\drivers\afd.sys - System/Runningagp440 (Intel AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agp440.sys - Disabled/StoppedagpCPQ (Compaq AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys - Disabled/StoppedAha154x (Aha154x)- C:\WINDOWS\system32\DRIVERS\aha154x.sys - Disabled/Stoppedaic78u2 (aic78u2)- C:\WINDOWS\system32\DRIVERS\aic78u2.sys - Disabled/Stoppedaic78xx (aic78xx)- C:\WINDOWS\system32\DRIVERS\aic78xx.sys - Disabled/StoppedAliIde (AliIde)- C:\WINDOWS\system32\DRIVERS\aliide.sys - Disabled/Stoppedalim1541 (ALI AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\alim1541.sys - Disabled/Stoppedamdagp (AMD AGP Bus Filter Driver)- C:\WINDOWS\system32\DRIVERS\amdagp.sys - Disabled/Stoppedamsint (amsint)- C:\WINDOWS\system32\DRIVERS\amsint.sys - Disabled/StoppedAPPDRV (APPDRV)- C:\WINDOWS\system32\DRIVERS\APPDRV.SYS - System/RunningArp1394 (1394 ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\arp1394.sys - Manual/Runningasc (asc)- C:\WINDOWS\system32\DRIVERS\asc.sys - Disabled/Stoppedasc3350p (asc3350p)- C:\WINDOWS\system32\DRIVERS\asc3350p.sys - Disabled/Stoppedasc3550 (asc3550)- C:\WINDOWS\system32\DRIVERS\asc3550.sys - Disabled/StoppedASCTRM (ASCTRM)- C:\WINDOWS\system32\drivers\ASCTRM.sys - Auto/RunningAsyncMac (RAS Asynchronous Media Driver)- C:\WINDOWS\system32\DRIVERS\asyncmac.sys - Manual/Stoppedatapi (Standard IDE/ESDI Hard Disk Controller)- C:\WINDOWS\system32\DRIVERS\atapi.sys - Boot/RunningAtdisk (Atdisk)-  - Disabled/StoppedAtmarpc (ATM ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\atmarpc.sys - Manual/Stoppedaudstub (Audio Stub Driver)- C:\WINDOWS\system32\DRIVERS\audstub.sys - Manual/Runningavgio (avgio)- \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys - System/Runningavgntflt (avgntflt)- \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys - Manual/Runningavipbb (avipbb)- C:\WINDOWS\system32\DRIVERS\avipbb.sys - System/Runningbcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver)- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys - Manual/RunningBeep (Beep)- C:\WINDOWS\system32\drivers\Beep.sys - System/RunningBthEnum (Bluetooth Request Block Driver)- C:\WINDOWS\system32\DRIVERS\BthEnum.sys - Manual/StoppedBthPan (Bluetooth Device (Personal Area Network))- C:\WINDOWS\system32\DRIVERS\bthpan.sys - Manual/StoppedBTHPORT (Bluetooth Port Driver)- C:\WINDOWS\system32\Drivers\BTHport.sys - Manual/StoppedBTHUSB (Bluetooth Radio USB Driver)- C:\WINDOWS\system32\Drivers\BTHUSB.sys - Manual/Stoppedbtusbflt (Bluetooth USB Filter)- C:\WINDOWS\system32\drivers\btusbflt.sys - Manual/Stoppedcbidf (cbidf)- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys - Disabled/Stoppedcbidf2k (cbidf2k)- C:\WINDOWS\system32\drivers\cbidf2k.sys - Disabled/StoppedCBTNDIS5 (CBTNDIS5 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\CBTNDIS5.SYS - Manual/StoppedCCDECODE (Closed Caption Decoder)- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys - Manual/Stoppedcd20xrnt (cd20xrnt)- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys - Disabled/StoppedCdaudio (Cdaudio)- C:\WINDOWS\system32\drivers\Cdaudio.sys - System/StoppedCdfs (Cdfs)- C:\WINDOWS\system32\drivers\Cdfs.sys - Disabled/RunningCdrom (CD-ROM Driver)- C:\WINDOWS\system32\DRIVERS\cdrom.sys - System/RunningChanger (Changer)-  - System/StoppedCmBatt (Microsoft ACPI Control Method Battery Driver)- C:\WINDOWS\system32\DRIVERS\CmBatt.sys - Manual/RunningCmdIde (CmdIde)- C:\WINDOWS\system32\DRIVERS\cmdide.sys - Disabled/StoppedCompbatt (Microsoft Composite Battery Driver)- C:\WINDOWS\system32\DRIVERS\compbatt.sys - Boot/RunningCpqarray (Cpqarray)- C:\WINDOWS\system32\DRIVERS\cpqarray.sys - Disabled/Stoppeddac2w2k (dac2w2k)- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - Disabled/Stoppeddac960nt (dac960nt)- C:\WINDOWS\system32\DRIVERS\dac960nt.sys - Disabled/StoppedDisk (Disk Driver)- C:\WINDOWS\system32\DRIVERS\disk.sys - Boot/Runningdmboot (dmboot)- C:\WINDOWS\system32\drivers\dmboot.sys - Disabled/Stoppeddmio (Logical Disk Manager Driver)- C:\WINDOWS\system32\drivers\dmio.sys - Boot/Runningdmload (dmload)- C:\WINDOWS\system32\drivers\dmload.sys - Disabled/StoppedDMusic (Microsoft Kernel DLS Syntheiszer)- C:\WINDOWS\system32\drivers\DMusic.sys - Manual/Stoppeddpti2o (dpti2o)- C:\WINDOWS\system32\DRIVERS\dpti2o.sys - Disabled/Stoppeddrmkaud (Microsoft Kernel DRM Audio Descrambler)- C:\WINDOWS\system32\drivers\drmkaud.sys - Manual/Stoppeddrvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Runningdrvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/RunningDSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction	riggers\DSproct.sys - Manual/Runningdsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/RunningE100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/StoppedFastfat (Fastfat)- C:\WINDOWS\system32\drivers\Fastfat.sys - Disabled/StoppedFdc (Floppy Disk Controller Driver)- C:\WINDOWS\system32\DRIVERS\fdc.sys - Manual/StoppedFips (Fips)- C:\WINDOWS\system32\drivers\Fips.sys - System/RunningFlpydisk (Floppy Disk Driver)- C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Manual/StoppedFltMgr (FltMgr)- C:\WINDOWS\system32\drivers\fltmgr.sys - Boot/RunningFtdisk (Volume Manager Driver)- C:\WINDOWS\system32\DRIVERS\ftdisk.sys - Boot/RunningGEARAspiWDM (GEARAspiWDM)- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - Manual/RunningGpc (Generic Packet Classifier)- C:\WINDOWS\system32\DRIVERS\msgpc.sys - Manual/RunningHDAudBus (Microsoft UAA Bus Driver for High Definition Audio)- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys - Manual/RunningHidBth (Microsoft Bluetooth HID Miniport)- C:\WINDOWS\system32\DRIVERS\hidbth.sys - Manual/StoppedHidUsb (Microsoft HID Class Driver)- C:\WINDOWS\system32\DRIVERS\hidusb.sys - Manual/Runninghpn (hpn)- C:\WINDOWS\system32\DRIVERS\hpn.sys - Disabled/StoppedHSF_DPV (HSF_DPV)- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys - Manual/RunningHSXHWAZL (HSXHWAZL)- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys - Manual/RunningHTTP (HTTP)- C:\WINDOWS\system32\Drivers\HTTP.sys - Manual/Runningi2omgmt (i2omgmt)- C:\WINDOWS\system32\drivers\i2omgmt.sys - System/Runningi2omp (i2omp)- C:\WINDOWS\system32\DRIVERS\i2omp.sys - Disabled/Stoppedi8042prt (i8042 Keyboard and PS/2 Mouse Port Driver)- C:\WINDOWS\system32\DRIVERS\i8042prt.sys - System/Runningialm (ialm)- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys - Manual/RunningImapi (CD-Burning Filter Driver)- C:\WINDOWS\system32\DRIVERS\imapi.sys - System/Runningini910u (ini910u)- C:\WINDOWS\system32\DRIVERS\ini910u.sys - Disabled/StoppedIntelIde (IntelIde)- C:\WINDOWS\system32\DRIVERS\intelide.sys - Disabled/Stoppedintelppm (Intel Processor Driver)- C:\WINDOWS\system32\DRIVERS\intelppm.sys - System/RunningIp6Fw (IPv6 Windows Firewall Driver)- C:\WINDOWS\system32\drivers\ip6fw.sys - Manual/StoppedIpFilterDriver (IP Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Manual/StoppedIpInIp (IP in IP Tunnel Driver)- C:\WINDOWS\system32\DRIVERS\ipinip.sys - Manual/StoppedIpNat (IP Network Address Translator)- C:\WINDOWS\system32\DRIVERS\ipnat.sys - Manual/RunningIPSec (IPSEC driver)- C:\WINDOWS\system32\DRIVERS\ipsec.sys - System/RunningIRENUM (IR Enumerator Service)- C:\WINDOWS\system32\DRIVERS\irenum.sys - Manual/Stoppedisapnp (PnP ISA/EISA Bus Driver)- C:\WINDOWS\system32\DRIVERS\isapnp.sys - Boot/RunningKbdclass (Keyboard Class Driver)- C:\WINDOWS\system32\DRIVERS\kbdclass.sys - System/Runningkmixer (Microsoft Kernel Wave Audio Mixer)- C:\WINDOWS\system32\drivers\kmixer.sys - Manual/RunningKSecDD (KSecDD)- C:\WINDOWS\system32\drivers\KSecDD.sys - Boot/Runninglbrtfdc (lbrtfdc)-  - System/StoppedLHidFilt (Logitech SetPoint KMDF HID Filter Driver)- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys - Manual/StoppedLMouFilt (Logitech SetPoint KMDF Mouse Filter Driver)- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys - Manual/Stoppedmdmxsdk (mdmxsdk)- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys - Auto/RunningMHNDRV (MHN driver)- C:\WINDOWS\system32\DRIVERS\mhndrv.sys - Manual/Stoppedmnmdd (mnmdd)- C:\WINDOWS\system32\drivers\mnmdd.sys - System/RunningModem (Modem)- C:\WINDOWS\system32\drivers\Modem.sys - Manual/RunningMouclass (Mouse Class Driver)- C:\WINDOWS\system32\DRIVERS\mouclass.sys - System/Runningmouhid (Mouse HID Driver)- C:\WINDOWS\system32\DRIVERS\mouhid.sys - Manual/RunningMountMgr (Mount Point Manager)- C:\WINDOWS\system32\drivers\MountMgr.sys - Boot/Runningmraid35x (mraid35x)- C:\WINDOWS\system32\DRIVERS\mraid35x.sys - Disabled/StoppedMRxDAV (WebDav Client Redirector)- C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Manual/RunningMRxSmb (MRXSMB)- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - System/RunningMsfs (Msfs)- C:\WINDOWS\system32\drivers\Msfs.sys - System/RunningMSKSSRV (Microsoft Streaming Service Proxy)- C:\WINDOWS\system32\drivers\MSKSSRV.sys - Manual/StoppedMSPCLOCK (Microsoft Streaming Clock Proxy)- C:\WINDOWS\system32\drivers\MSPCLOCK.sys - Manual/StoppedMSPQM (Microsoft Streaming Quality Manager Proxy)- C:\WINDOWS\system32\drivers\MSPQM.sys - Manual/Stoppedmssmbios (Microsoft System Management BIOS Driver)- C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Manual/RunningMSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter)- C:\WINDOWS\system32\drivers\MSTEE.sys - Manual/StoppedMup (Mup)- C:\WINDOWS\system32\drivers\Mup.sys - Boot/RunningNABTSFEC (NABTS/FEC VBI Codec)- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys - Manual/StoppedNDIS (NDIS System Driver)- C:\WINDOWS\system32\drivers\NDIS.sys - Boot/RunningNdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/StoppedNdisTapi (Remote Access NDIS TAPI Driver)- C:\WINDOWS\system32\DRIVERS
distapi.sys - Manual/RunningNdisuio (NDIS Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS
disuio.sys - Manual/RunningNdisWan (Remote Access NDIS WAN Driver)- C:\WINDOWS\system32\DRIVERS
diswan.sys - Manual/RunningNDProxy (NDIS Proxy)- C:\WINDOWS\system32\drivers\NDProxy.sys - Manual/RunningNetBIOS (NetBIOS Interface)- C:\WINDOWS\system32\DRIVERS
etbios.sys - System/RunningNetBT (NetBios over Tcpip)- C:\WINDOWS\system32\DRIVERS
etbt.sys - System/RunningNETw4x32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit)- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys - Manual/RunningNIC1394 (1394 Net Driver)- C:\WINDOWS\system32\DRIVERS
ic1394.sys - Manual/RunningNpfs (Npfs)- C:\WINDOWS\system32\drivers\Npfs.sys - System/RunningNtfs (Ntfs)- C:\WINDOWS\system32\drivers\Ntfs.sys - Disabled/RunningNull (Null)- C:\WINDOWS\system32\drivers\Null.sys - System/Runningnv (nv)- C:\WINDOWS\system32\DRIVERS
v4_mini.sys - Manual/StoppedNwlnkFlt (IPX Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS
wlnkflt.sys - Manual/StoppedNwlnkFwd (IPX Traffic Forwarder Driver)- C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys - Manual/StoppedodysseyIM3 (Odyssey Network Services Miniport)- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys - Manual/Runningohci1394 (OHCI Compliant IEEE 1394 Host Controller)- C:\WINDOWS\system32\DRIVERS\ohci1394.sys - Boot/Runningomci (OMCI WDM Device Driver)- C:\WINDOWS\system32\DRIVERS\omci.sys - System/Runningovt519 (VGA USB Camera)- C:\WINDOWS\system32\Drivers\ov519vid.sys - Manual/RunningParport (Parallel port driver)- C:\WINDOWS\system32\DRIVERS\parport.sys - Manual/StoppedPartMgr (Partition Manager)- C:\WINDOWS\system32\drivers\PartMgr.sys - Boot/RunningParVdm (ParVdm)- C:\WINDOWS\system32\drivers\ParVdm.sys - Disabled/StoppedPCI (PCI Bus Driver)- C:\WINDOWS\system32\DRIVERS\pci.sys - Boot/RunningPCIDump (PCIDump)-  - System/StoppedPCIIde (PCIIde)- C:\WINDOWS\system32\DRIVERS\pciide.sys - Boot/RunningPcmcia (Pcmcia)- C:\WINDOWS\system32\drivers\Pcmcia.sys - Disabled/StoppedPDCOMP (PDCOMP)-  - Manual/StoppedPDFRAME (PDFRAME)-  - Manual/StoppedPDRELI (PDRELI)-  - Manual/StoppedPDRFRAME (PDRFRAME)-  - Manual/Stoppedperc2 (perc2)- C:\WINDOWS\system32\DRIVERS\perc2.sys - Disabled/Stoppedperc2hib (perc2hib)- C:\WINDOWS\system32\DRIVERS\perc2hib.sys - Disabled/Stoppedpfc (Padus ASPI Shell)- C:\WINDOWS\system32\drivers\pfc.sys - Manual/RunningPptpMiniport (WAN Miniport (PPTP))- C:\WINDOWS\system32\DRIVERSaspptp.sys - Manual/RunningPSched (QoS Packet Scheduler)- C:\WINDOWS\system32\DRIVERS\psched.sys - Manual/RunningPtilink (Direct Parallel Link Driver)- C:\WINDOWS\system32\DRIVERS\ptilink.sys - Manual/RunningPxHelp20 (PxHelp20)- C:\WINDOWS\system32\Drivers\PxHelp20.sys - Boot/Runningql1080 (ql1080)- C:\WINDOWS\system32\DRIVERS\ql1080.sys - Disabled/StoppedQl10wnt (Ql10wnt)- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys - Disabled/Stoppedql12160 (ql12160)- C:\WINDOWS\system32\DRIVERS\ql12160.sys - Disabled/Stoppedql1240 (ql1240)- C:\WINDOWS\system32\DRIVERS\ql1240.sys - Disabled/Stoppedql1280 (ql1280)- C:\WINDOWS\system32\DRIVERS\ql1280.sys - Disabled/StoppedRasAcd (Remote Access Auto Connection Driver)- C:\WINDOWS\system32\DRIVERSasacd.sys - System/RunningRasl2tp (WAN Miniport (L2TP))- C:\WINDOWS\system32\DRIVERSasl2tp.sys - Manual/RunningRasPppoe (Remote Access PPPOE Driver)- C:\WINDOWS\system32\DRIVERSaspppoe.sys - Manual/RunningRaspti (Direct Parallel)- C:\WINDOWS\system32\DRIVERSaspti.sys - Manual/RunningRdbss (Rdbss)- C:\WINDOWS\system32\DRIVERSdbss.sys - System/RunningRDPCDD (RDPCDD)- C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - System/Runningrdpdr (Terminal Server Device Redirector Driver)- C:\WINDOWS\system32\DRIVERSdpdr.sys - Manual/RunningRDPWD (RDPWD)- C:\WINDOWS\system32\drivers\RDPWD.sys - Manual/Stoppedredbook (Digital CD Audio Playback Filter Driver)- C:\WINDOWS\system32\DRIVERSedbook.sys - System/RunningRFCOMM (Bluetooth Device (RFCOMM Protocol TDI))- C:\WINDOWS\system32\DRIVERSfcomm.sys - Manual/Stoppedrimmptsk (rimmptsk)- C:\WINDOWS\system32\DRIVERSimmptsk.sys - Manual/Runningrimsptsk (rimsptsk)- C:\WINDOWS\system32\DRIVERSimsptsk.sys - Manual/Runningrismxdp (Ricoh xD-Picture Card Driver)- C:\WINDOWS\system32\DRIVERSixdptsk.sys - Manual/Runnings24trans (WLAN Transport)- C:\WINDOWS\system32\DRIVERS\s24trans.sys - Auto/Runningsdbus (sdbus)- C:\WINDOWS\system32\DRIVERS\sdbus.sys - Manual/RunningSecdrv (Secdrv)- C:\WINDOWS\system32\DRIVERS\secdrv.sys - Manual/Stoppedserenum (Serenum Filter Driver)- C:\WINDOWS\system32\DRIVERS\serenum.sys - Manual/StoppedSerial (Serial port driver)- C:\WINDOWS\system32\DRIVERS\serial.sys - System/StoppedSfloppy (Sfloppy)- C:\WINDOWS\system32\drivers\Sfloppy.sys - System/StoppedSimbad (Simbad)-  - Disabled/Stoppedsisagp (SIS AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\sisagp.sys - Disabled/StoppedSLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/StoppedSparrow (Sparrow)- C:\WINDOWS\system32\DRIVERS\sparrow.sys - Disabled/Stoppedsplitter (Microsoft Kernel Audio Splitter)- C:\WINDOWS\system32\drivers\splitter.sys - Manual/Stoppedsr (System Restore Filter Driver)- C:\WINDOWS\system32\DRIVERS\sr.sys - Boot/RunningSrv (Srv)- C:\WINDOWS\system32\DRIVERS\srv.sys - Manual/Runningsscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Runningssmdrv (ssmdrv)- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - System/Runningssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/RunningSTHDA (SigmaTel High Definition Audio CODEC)- C:\WINDOWS\system32\drivers\sthda.sys - Manual/Runningstreamip (BDA IPSink)- C:\WINDOWS\system32\DRIVERS\StreamIP.sys - Manual/Stoppedswenum (Software Bus Driver)- C:\WINDOWS\system32\DRIVERS\swenum.sys - Manual/Runningswmidi (Microsoft Kernel GS Wavetable Synthesizer)- C:\WINDOWS\system32\drivers\swmidi.sys - Manual/Stoppedsymc810 (symc810)- C:\WINDOWS\system32\DRIVERS\symc810.sys - Disabled/Stoppedsymc8xx (symc8xx)- C:\WINDOWS\system32\DRIVERS\symc8xx.sys - Disabled/Stoppedsym_hi (sym_hi)- C:\WINDOWS\system32\DRIVERS\sym_hi.sys - Disabled/Stoppedsym_u3 (sym_u3)- C:\WINDOWS\system32\DRIVERS\sym_u3.sys - Disabled/StoppedSynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Runningsysaudio (Microsoft Kernel System Audio Device)- C:\WINDOWS\system32\drivers\sysaudio.sys - Manual/Running

bamajim · Answer

E310

1. Rerun Avenger
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\ddcbcCut.dll
C:\WINDOWS\system32\khFYpmKD.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Select Load Script
Select Paste from Clipboard
The information should now appear in the Open window
Select Execute
Answer Yes When prompted "Are you sure you want to execute the current script?"

4. The Avenger will automatically do the following:

It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log

E310 · Answer

And the results are:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sat Apr 25 08:43:50 2009

08:43:50: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\ddcbcCut.dll" not found!
Deletion of file "C:\WINDOWS\system32\ddcbcCut.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\khFYpmKD.dll" not found!
Deletion of file "C:\WINDOWS\system32\khFYpmKD.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:29 AM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldncoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\liliana yepes\My Documents\Kill It\analyzer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\kellie nicolle\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238554266328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL kgwfxb.dll mwrhva.dll
O20 - Winlogon Notify: qoMCUOIc - qoMCUOIc.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device - - C:\WINDOWS\system32\dldncoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9b5fb43203dd8) (gupdate1c9b5fb43203dd8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14738 bytes

bamajim · Answer

E310

1. Rerun Hijackthis (scan only) and place checks beside the following entries

O2 - BHO: (no name) - {1B9C57D1-B4F8-4212-9DE7-35B022495131} - C:\WINDOWS\system32\khFYpmKD.dll (file missing)
O2 - BHO: (no name) - {CC8A6954-4BE0-4882-9FC5-8699581221D7} - C:\WINDOWS\system32\ddcbcCut.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL kgwfxb.dll mwrhva.dll
O20 - Winlogon Notify: qoMCUOIc - qoMCUOIc.dll (file missing)

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

E310 · Answer

Thanks, as always. Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:09 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\dldncoms.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\liliana yepes\My Documents\Kill It\analyzer.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/verizon/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\kellie nicolle\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238554266328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device - - C:\WINDOWS\system32\dldncoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9b5fb43203dd8) (gupdate1c9b5fb43203dd8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14430 bytes

Virus & Spyware

Was this post helpful?