Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

MyWebSearch, Vundo, Hotbar and FakeAlert Infection

Started by Aerator , Jun 30 2011 05:13 PM

This topic is locked

#1
Aerator

Posted 30 June 2011 - 05:13 PM

Member

Member
23 posts

Cascading popup windows alerted the user of a problem. Some infection removed/renamed the MalwareBytes executable file and caused unusual appearance for Task Manager. I was trying to run the first OTL Log and had to reboot as I could not disable the popups. After restart, I reinstalled MalwareBytes and ran it - removing 347 infected issues. I then ran OTL this is that log: followed by the original Malware BYtes Log. It is run 2 because I realized the OTL version I grabbed was old - LOL - pun not intended.
I am restarting and rerunning MalwareBytes; but really need help with the OTL analysis as I am not yet comfortable with the info and scripting.

Thanks,
Michael

OTL logfile created on: 6/30/2011 4:23:23 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 384.95 Mb Available Physical Memory | 37.67% Memory free
2.91 Gb Paging File | 2.35 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 5.30 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
Drive I: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive K: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive R: | 815.33 Gb Total Space | 158.29 Gb Free Space | 19.41% Space Free | Partition Type: NTFS
Drive S: | 815.33 Gb Total Space | 158.29 Gb Free Space | 19.41% Space Free | Partition Type: NTFS
Drive T: | 244.14 Gb Total Space | 234.40 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive U: | 815.33 Gb Total Space | 158.29 Gb Free Space | 19.41% Space Free | Partition Type: NTFS

Computer Name: SHERRY-DESKTOP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\sherry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
PRC - C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\JfServer.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\PipeMgr.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (JetFormCentral) -- C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MpKslcbbd4eb3) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09BBAB06-B5CE-4A9E-AA0E-C44BC5B397F5}\MpKslcbbd4eb3.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (HPFXBULK) -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys (Hewlett Packard)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:03:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

O1 HOSTS File: ([2005/09/23 15:10:34 | 000,003,821 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 33 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity Toolbar) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\sherry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} https://wb01/connect...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233956485360 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://now.abs-cbn.c...EasyInstall.cab (ESPluginInstallProgress Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.25 64.80.125.114 64.80.249.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbrass.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 15:55:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/30 13:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 13:51:19 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 13:51:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/30 13:29:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[2011/06/15 08:37:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/09 02:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 16:30:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122UA.job
[2011/06/30 16:25:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 16:20:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/30 16:20:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[2011/06/30 16:16:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 16:16:09 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/30 16:16:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/30 16:15:56 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/30 16:15:14 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/30 16:15:13 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 15:56:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/30 15:30:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122Core.job
[2011/06/30 13:53:53 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/30 10:29:43 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Crystal Reports XI.lnk
[2011/06/29 17:33:17 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 17:33:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Google Chrome.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | M] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | M] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | M] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 15:50:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/22 10:58:37 | 000,010,592 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 16:10:50 | 000,017,661 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | M] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/21 08:47:22 | 000,016,537 | ---- | M] () -- \\wb01\users\sherry\My Documents\packing slip.pdf
[2011/06/17 11:43:20 | 000,011,367 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/17 11:37:26 | 000,014,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/16 16:08:31 | 000,160,136 | ---- | M] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | M] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:09:58 | 000,016,980 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/16 10:13:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:06:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:05:15 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/16 10:05:15 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/15 16:02:42 | 000,018,647 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015971 SOORUN.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 17:04:33 | 000,010,803 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016047 POS.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 16:19:01 | 000,012,796 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:11:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/10 16:36:50 | 000,010,704 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | M] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | M] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | M] () -- \\wb01\users\sherry\My Documents\a
[2011/06/08 14:49:28 | 000,026,952 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/08 14:34:34 | 000,014,264 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015900 TUBETECH REVISED.pdf
[2011/06/07 13:19:10 | 000,046,128 | ---- | M] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[2011/06/03 15:14:13 | 000,011,887 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015962 BYSON.pdf
[2011/06/03 10:29:50 | 000,010,573 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016043 LARSEN.pdf
[2011/06/03 10:03:28 | 000,013,365 | ---- | M] () -- \\wb01\users\sherry\My Documents\RMA.pdf
[2011/06/02 15:22:03 | 000,010,031 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016027 FERGUSON.pdf
[2011/06/02 15:19:46 | 000,011,079 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016026 POS.pdf
[2011/06/02 13:50:09 | 000,011,236 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016025 Harbil.pdf
[2011/06/02 13:29:32 | 000,011,195 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016023 Tecmark.pdf
[2011/06/02 10:20:59 | 000,011,981 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015900 J&B.pdf
[2011/06/02 09:22:54 | 000,010,501 | ---- | M] () -- \\wb01\users\sherry\My Documents\Zurier PO.pdf
[2011/06/01 16:49:13 | 000,016,295 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016013 HUOSEN.pdf
[2011/06/01 15:52:50 | 000,010,504 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016012 ZURIER.pdf
[2011/06/01 13:45:45 | 000,010,763 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016011 HARBIL.pdf
[2011/06/01 13:37:00 | 000,629,128 | ---- | M] () -- \\wb01\users\sherry\My Documents\lojack1.jpg
[2011/06/01 13:37:00 | 000,619,836 | ---- | M] () -- \\wb01\users\sherry\My Documents\lojack2.jpeg
[2011/06/01 12:39:29 | 000,013,953 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016005 EZFLO.pdf
[2011/06/01 08:37:53 | 000,256,693 | ---- | M] () -- \\wb01\users\sherry\My Documents\IM_GN_INTL_004.pdf
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 13:51:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | C] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | C] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | C] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 10:58:37 | 000,010,592 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | C] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/17 11:43:19 | 000,011,367 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/16 16:08:30 | 000,160,136 | ---- | C] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | C] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:43:49 | 000,017,661 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:36:32 | 000,014,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/10 16:36:50 | 000,010,704 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/10 15:50:28 | 000,012,796 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | C] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | C] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | C] () -- \\wb01\users\sherry\My Documents\a
[2011/06/09 16:32:14 | 000,016,980 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/08 14:49:28 | 000,026,952 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/07 13:19:09 | 000,046,128 | ---- | C] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[2011/06/03 15:06:45 | 000,014,264 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015900 TUBETECH REVISED.pdf
[2011/06/03 11:38:30 | 000,010,803 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016047 POS.pdf
[2011/06/03 10:29:50 | 000,010,573 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016043 LARSEN.pdf
[2011/06/02 15:22:03 | 000,010,031 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016027 FERGUSON.pdf
[2011/06/02 15:19:46 | 000,011,079 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016026 POS.pdf
[2011/06/02 13:50:09 | 000,011,236 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016025 Harbil.pdf
[2011/06/02 13:29:31 | 000,011,195 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016023 Tecmark.pdf
[2011/06/02 10:20:59 | 000,011,981 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015900 J&B.pdf
[2011/06/02 09:22:54 | 000,010,501 | ---- | C] () -- \\wb01\users\sherry\My Documents\Zurier PO.pdf
[2011/06/01 16:49:12 | 000,016,295 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016013 HUOSEN.pdf
[2011/06/01 16:39:32 | 000,018,647 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015971 SOORUN.pdf
[2011/06/01 15:52:50 | 000,010,504 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016012 ZURIER.pdf
[2011/06/01 13:37:00 | 000,629,128 | ---- | C] () -- \\wb01\users\sherry\My Documents\lojack1.jpg
[2011/06/01 13:37:00 | 000,619,836 | ---- | C] () -- \\wb01\users\sherry\My Documents\lojack2.jpeg
[2011/06/01 13:20:21 | 000,010,763 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016011 HARBIL.pdf
[2011/06/01 12:39:29 | 000,013,953 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016005 EZFLO.pdf
[2011/06/01 08:37:45 | 000,256,693 | ---- | C] () -- \\wb01\users\sherry\My Documents\IM_GN_INTL_004.pdf
[2010/02/22 08:56:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/11/06 13:07:36 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/19 12:59:58 | 000,006,565 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\PrimoPDFSet.xml
[2009/02/19 12:48:48 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/12/16 12:21:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8220.ini
[2008/12/16 11:15:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/16 11:15:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/09 13:07:13 | 000,001,318 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/09 12:59:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2008/12/09 12:59:25 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dat
[2007/12/24 14:03:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\modern.exe
[2007/06/18 10:44:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/04/24 14:25:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2006/01/12 16:09:31 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 16:48:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/01/11 16:48:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/01/11 16:48:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/01/11 16:48:53 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/12/07 13:20:11 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/09/23 07:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WESTBRASS.COM&13.xml
[2005/07/08 11:55:49 | 000,016,180 | ---- | C] () -- C:\WINDOWS\lu.dat
[2005/03/01 16:16:19 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2005/01/20 15:38:05 | 000,024,674 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/01/20 15:38:05 | 000,024,672 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2004/11/29 08:58:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/11/22 09:27:41 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2004/09/25 17:41:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:11:25 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EKDJJMJM.ini
[2004/07/07 07:52:44 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/07/06 13:56:31 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2004/06/15 16:28:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/05/27 07:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/23 15:00:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2003/11/06 14:26:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\fusioncache.dat
[2003/09/29 10:44:25 | 000,000,870 | ---- | C] () -- C:\WINDOWS\DKAAA2DD.ini
[2003/09/23 15:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/07/16 18:48:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 12:59:37 | 000,000,944 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/16 12:35:46 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2003/07/10 05:03:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/10 05:02:13 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/10 04:56:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/10 04:56:38 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/07/10 04:56:38 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/10 04:51:52 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/10 04:42:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/10 04:30:56 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 11:51:12 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/09/03 11:51:12 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/09/03 11:42:36 | 000,435,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 11:35:18 | 000,005,707 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 11:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/17 05:24:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
[2002/04/17 05:17:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
[2002/04/17 05:17:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
[2002/04/17 05:16:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
[2002/04/17 05:16:32 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
[2002/04/17 05:15:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
[2002/04/17 05:15:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
[2002/04/17 05:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
[2002/04/17 05:15:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
[2002/04/17 05:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[2002/04/03 13:01:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2011/06/30 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/29 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/27 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/22 08:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/05/30 13:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/14 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/28 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\FileZilla
[2010/02/22 09:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\iolo
[2006/02/10 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Leadertech
[2004/05/28 07:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Lycos
[2009/02/27 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Nitro PDF
[2011/06/30 13:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\PriceGong
[2010/11/10 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\SmartDraw
[2007/07/13 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Snapfish
[2007/03/30 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Softros Messenger
[2005/09/23 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\STOPzilla!
[2010/01/27 09:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Uniblue
[2008/06/03 15:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Viewpoint
[2011/06/30 16:20:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/30 16:16:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/06/30 16:16:09 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/06/17 08:34:00 | 000,032,147 | ---- | M] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif
[2011/06/17 08:34:00 | 000,032,147 | ---- | C] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif

< End of report >

************************************* MalwareBytes **********************************************************

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2011 2:51:30 PM
mbam-log-2011-06-30 (14-51-30).txt

Scan type: Quick scan
Objects scanned: 441511
Time elapsed: 36 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 134
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 134

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\sherry\local settings\temporary internet files\Content.IE5\N6I41S8D\vclean[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache\01564D36.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\webfettibtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00077155.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\0008F7A7.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00090553.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\000C09F8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00BED0A2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00BED276 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00BED41C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01575B1B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01575D2F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01575E48.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01575F52.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01856BD5.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\01B14183 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Edited by Aerator, 30 June 2011 - 06:08 PM.

#2
ali.B

Posted 01 July 2011 - 03:17 PM

Trusted Helper

Malware Removal
3,086 posts

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3
Aerator

Posted 02 July 2011 - 12:15 PM

Member

Topic Starter
Member
23 posts

Hi Ali.B,
Will do on Tuesday. I am out of the building for the holiday weekend.
Thanks in advance for your help.
Michael

#4
ali.B

Posted 02 July 2011 - 12:32 PM

Trusted Helper

Malware Removal
3,086 posts

Thanks for letting me know.

#5
Aerator

Posted 05 July 2011 - 09:16 AM

Member

Topic Starter
Member
23 posts

Here you - and thanks again-
Michael

OTL logfile created on: 7/5/2011 7:27:40 AM - Run 3
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 478.20 Mb Available Physical Memory | 46.79% Memory free
2.91 Gb Paging File | 2.37 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 5.35 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive I: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive K: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive R: | 815.33 Gb Total Space | 158.04 Gb Free Space | 19.38% Space Free | Partition Type: NTFS
Drive S: | 815.33 Gb Total Space | 158.04 Gb Free Space | 19.38% Space Free | Partition Type: NTFS
Drive T: | 244.14 Gb Total Space | 234.40 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive U: | 815.33 Gb Total Space | 158.04 Gb Free Space | 19.38% Space Free | Partition Type: NTFS

Computer Name: SHERRY-DESKTOP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
PRC - C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\JfServer.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\PipeMgr.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (JetFormCentral) -- C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MpKslcaf41163) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E27AF7D-AEEB-4CB5-A03D-A88BB4E8431A}\MpKslcaf41163.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (HPFXBULK) -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys (Hewlett Packard)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

O1 HOSTS File: ([2005/09/23 15:10:34 | 000,003,821 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 33 more lines...
O2 - BHO: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity Toolbar) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} https://wb01/connect...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233956485360 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://now.abs-cbn.c...EasyInstall.cab (ESPluginInstallProgress Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.25 64.80.125.114 64.80.249.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbrass.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/02 05:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[2011/06/30 15:55:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/30 13:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 13:51:19 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 13:51:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/30 13:29:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 07:30:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122UA.job
[2011/07/05 07:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 02:03:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/04 15:30:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122Core.job
[2011/07/04 12:25:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/02 04:20:02 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/01 15:51:11 | 000,016,928 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016013 HUOSEN.pdf
[2011/07/01 15:47:23 | 000,010,574 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:29:36 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Crystal Reports XI.lnk
[2011/07/01 08:22:00 | 000,357,503 | ---- | M] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/07/01 08:13:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/01 08:13:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/01 08:12:23 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/01 08:12:22 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 16:20:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[2011/06/30 15:56:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/30 13:53:53 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 17:33:17 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 17:33:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Google Chrome.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | M] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | M] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | M] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 15:50:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/22 10:58:37 | 000,010,592 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 16:10:50 | 000,017,661 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | M] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/21 08:47:22 | 000,016,537 | ---- | M] () -- \\wb01\users\sherry\My Documents\packing slip.pdf
[2011/06/17 11:43:20 | 000,011,367 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/17 11:37:26 | 000,014,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/16 16:08:31 | 000,160,136 | ---- | M] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | M] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:09:58 | 000,016,980 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/16 10:13:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:06:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:05:15 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/16 10:05:15 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/15 16:02:42 | 000,018,647 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015971 SOORUN.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 17:04:33 | 000,010,803 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016047 POS.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 16:19:01 | 000,012,796 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:11:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/10 16:36:50 | 000,010,704 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | M] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | M] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | M] () -- \\wb01\users\sherry\My Documents\a
[2011/06/08 14:49:28 | 000,026,952 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/08 14:34:34 | 000,014,264 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015900 TUBETECH REVISED.pdf
[2011/06/07 13:19:10 | 000,046,128 | ---- | M] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 15:47:23 | 000,010,574 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:22:00 | 000,357,503 | ---- | C] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/06/30 13:51:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | C] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | C] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | C] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 10:58:37 | 000,010,592 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | C] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/17 11:43:19 | 000,011,367 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/16 16:08:30 | 000,160,136 | ---- | C] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | C] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:43:49 | 000,017,661 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:36:32 | 000,014,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/10 16:36:50 | 000,010,704 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/10 15:50:28 | 000,012,796 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | C] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | C] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | C] () -- \\wb01\users\sherry\My Documents\a
[2011/06/09 16:32:14 | 000,016,980 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/08 14:49:28 | 000,026,952 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/07 13:19:09 | 000,046,128 | ---- | C] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[2010/02/22 08:56:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/11/06 13:07:36 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/19 12:59:58 | 000,006,565 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\PrimoPDFSet.xml
[2009/02/19 12:48:48 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/12/16 12:21:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8220.ini
[2008/12/16 11:15:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/16 11:15:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/09 13:07:13 | 000,001,318 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/09 12:59:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2008/12/09 12:59:25 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dat
[2007/12/24 14:03:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\modern.exe
[2007/06/18 10:44:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/04/24 14:25:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2006/01/12 16:09:31 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 16:48:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/01/11 16:48:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/01/11 16:48:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/01/11 16:48:53 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/12/07 13:20:11 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/09/23 07:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WESTBRASS.COM&13.xml
[2005/07/08 11:55:49 | 000,016,180 | ---- | C] () -- C:\WINDOWS\lu.dat
[2005/03/01 16:16:19 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2005/01/20 15:38:05 | 000,024,674 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/01/20 15:38:05 | 000,024,672 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2004/11/29 08:58:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/11/22 09:27:41 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2004/09/25 17:41:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:11:25 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EKDJJMJM.ini
[2004/07/07 07:52:44 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/07/06 13:56:31 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2004/06/15 16:28:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/05/27 07:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/23 15:00:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2003/11/06 14:26:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\fusioncache.dat
[2003/09/29 10:44:25 | 000,000,870 | ---- | C] () -- C:\WINDOWS\DKAAA2DD.ini
[2003/09/23 15:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/07/16 18:48:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 12:59:37 | 000,000,944 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/16 12:35:46 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2003/07/10 05:03:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/10 05:02:13 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/10 04:56:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/10 04:56:38 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/07/10 04:56:38 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/10 04:51:52 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/10 04:42:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/10 04:30:56 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 11:51:12 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/09/03 11:51:12 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/09/03 11:42:36 | 000,435,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 11:35:18 | 000,005,707 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 11:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/17 05:24:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
[2002/04/17 05:17:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
[2002/04/17 05:17:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
[2002/04/17 05:16:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
[2002/04/17 05:16:32 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
[2002/04/17 05:15:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
[2002/04/17 05:15:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
[2002/04/17 05:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
[2002/04/17 05:15:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
[2002/04/17 05:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[2002/04/03 13:01:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2011/06/30 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/29 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/27 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/22 08:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/05/30 13:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/14 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/28 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\FileZilla
[2010/02/22 09:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\iolo
[2006/02/10 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Leadertech
[2004/05/28 07:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Lycos
[2009/02/27 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Nitro PDF
[2011/07/01 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\PriceGong
[2010/11/10 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\SmartDraw
[2007/07/13 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Snapfish
[2007/03/30 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Softros Messenger
[2005/09/23 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\STOPzilla!
[2010/01/27 09:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Uniblue
[2008/06/03 15:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Viewpoint
[2011/07/05 02:03:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/01 08:13:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/02 04:20:02 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/06/17 08:34:00 | 000,032,147 | ---- | M] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif
[2011/06/17 08:34:00 | 000,032,147 | ---- | C] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif

< End of report >

#6
ali.B

Posted 05 July 2011 - 01:48 PM

Trusted Helper

Malware Removal
3,086 posts

hi

Step 1

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/06/17 08:34:00 | 000,032,147 | ---- | M] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif
[2011/06/17 08:34:00 | 000,032,147 | ---- | C] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif
[2008/06/03 15:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 3

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

OTL log
Malwarebytes Results.
Eset scanner report.
Update on how your computer is running

#7
Aerator

Posted 06 July 2011 - 09:48 AM

Member

Topic Starter
Member
23 posts

Here you go -
In general, the system is quite spritely for an old computer -

All processes killed
========== OTL ==========
File \\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif not found.
File \\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif not found.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\sherry\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WESTBRASS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ADMINI~1~WES

User: All Users

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: anita
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: beth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: craig
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DIEGO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eduardo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: irma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: janice
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: justin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: katherine
->Temp folder emptied: 928238579 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 134 bytes

User: lan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: local_usr
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: luba
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: luciano
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: maggie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1287296 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: sherry
->Temp folder emptied: 649982764 bytes
->Temporary Internet Files folder emptied: 662070094 bytes
->Google Chrome cache emptied: 61800014 bytes
->Flash cache emptied: 99986 bytes

User: stephanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ziad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12537055 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39439662 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 465256346 bytes

Total Files Cleaned = 2,690.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.WESTBRASS
->Flash cache emptied: 0 bytes

User: ADMINI~1~WES

User: All Users

User: Andrew

User: anita
->Flash cache emptied: 0 bytes

User: beth
->Flash cache emptied: 0 bytes

User: craig

User: Default User

User: DIEGO
->Flash cache emptied: 0 bytes

User: eduardo

User: irma

User: janice
->Flash cache emptied: 0 bytes

User: jeff

User: justin

User: katherine
->Flash cache emptied: 0 bytes

User: lan

User: LocalService

User: local_usr

User: luba

User: luciano
->Flash cache emptied: 0 bytes

User: maggie
->Flash cache emptied: 0 bytes

User: NetworkService

User: sherry
->Flash cache emptied: 0 bytes

User: stephanie
->Flash cache emptied: 0 bytes

User: ziad
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.25.0 log created on 07052011_165107

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sherry\Local Settings\Temp\~DFEE2D.tmp not found!
C:\Documents and Settings\sherry\Local Settings\Temporary Internet Files\Content.Word\~WRF3176.tmp moved successfully.
File\Folder C:\Documents and Settings\sherry\Local Settings\Temporary Internet Files\Content.Word\~WRS0129.tmp not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_62c.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

*********************************************************************************************************

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2011 5:28:25 PM
mbam-log-2011-07-05 (17-28-25).txt

Scan type: Quick scan
Objects scanned: 431605
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

***********************************************************************************************************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=000af0a17508ef41a594d00c4f372706
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-06 02:16:53
# local_time=2011-07-05 07:16:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 21006925 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=140357
# found=41
# cleaned=41
# scan_time=5752
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141337.EXE Win32/Toolbar.MyWebSearch.I application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141338.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141339.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141340.DLL a variant of Win32/Toolbar.MyWebSearch.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141341.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141342.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141343.DLL Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141344.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141346.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141347.DLL a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141348.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141349.DLL Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141350.DLL Win32/Toolbar.MyWebSearch.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141351.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141352.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141353.DLL Win32/Toolbar.MyWebSearch.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141354.DLL Win32/Toolbar.MyWebSearch.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141355.DLL a variant of Win32/Toolbar.MyWebSearch.M application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141356.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141357.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141361.DLL Win32/Toolbar.MyWebSearch.G application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141362.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141363.SCR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141364.DLL Win32/Toolbar.MyWebSearch.G application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141365.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141366.EXE Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141368.DLL Win32/Toolbar.MyWebSearch.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141369.DLL a variant of Win32/Toolbar.MyWebSearch.I application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141370.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141371.DLL Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141372.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141373.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141375.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141376.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141377.EXE Win32/Toolbar.MyWebSearch.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141378.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141379.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141380.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141391.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0141392.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1197\A0141681.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8
ali.B

Posted 06 July 2011 - 01:46 PM

Trusted Helper

Malware Removal
3,086 posts

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#9
Aerator

Posted 06 July 2011 - 04:20 PM

Member

Topic Starter
Member
23 posts

Here you go Ali.B

OTL logfile created on: 7/6/2011 2:48:40 PM - Run 4
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 532.20 Mb Available Physical Memory | 52.07% Memory free
2.91 Gb Paging File | 2.48 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.59 Gb Free Space | 20.39% Space Free | Partition Type: NTFS
Drive I: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive K: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive R: | 815.33 Gb Total Space | 157.16 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive S: | 815.33 Gb Total Space | 157.16 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive T: | 244.14 Gb Total Space | 234.40 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive U: | 815.33 Gb Total Space | 157.16 Gb Free Space | 19.28% Space Free | Partition Type: NTFS

Computer Name: SHERRY-DESKTOP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
PRC - C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\JfServer.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\PipeMgr.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (JetFormCentral) -- C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MpKsl633e2153) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B74F145-6498-4938-A78E-8C6088DE5687}\MpKsl633e2153.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (HPFXBULK) -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys (Hewlett Packard)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

O1 HOSTS File: ([2005/09/23 15:10:34 | 000,003,821 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 33 more lines...
O2 - BHO: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity Toolbar) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} https://wb01/connect...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233956485360 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://now.abs-cbn.c...EasyInstall.cab (ESPluginInstallProgress Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.25 64.80.125.114 64.80.249.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbrass.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/05 16:51:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/02 05:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[2011/06/30 15:55:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/30 13:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 13:51:19 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 13:51:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/30 13:29:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 14:30:12 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122UA.job
[2011/07/06 14:25:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 12:25:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 12:19:01 | 000,011,753 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016310 HARBIL.pdf
[2011/07/06 10:56:46 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016311 POS.pdf
[2011/07/06 10:49:27 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Crystal Reports XI.lnk
[2011/07/06 09:51:03 | 000,027,860 | ---- | M] () -- \\wb01\users\sherry\My Documents\PO# 7619383 7619386.pdf
[2011/07/06 09:23:20 | 000,012,121 | ---- | M] () -- \\wb01\users\sherry\My Documents\5186093 062211.pdf
[2011/07/06 09:22:39 | 000,023,360 | ---- | M] () -- \\wb01\users\sherry\My Documents\7606488 61711.pdf
[2011/07/06 02:27:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/05 17:30:36 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/05 17:30:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/05 17:30:13 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/05 17:29:35 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/05 17:29:34 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 15:30:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122Core.job
[2011/07/01 15:51:11 | 000,016,928 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016013 HUOSEN.pdf
[2011/07/01 15:47:23 | 000,010,574 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:22:00 | 000,357,503 | ---- | M] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/06/30 16:20:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[2011/06/30 15:56:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/30 13:53:53 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 17:33:17 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 17:33:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Google Chrome.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | M] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | M] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | M] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 15:50:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/22 10:58:37 | 000,010,592 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 16:10:50 | 000,017,661 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | M] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/21 08:47:22 | 000,016,537 | ---- | M] () -- \\wb01\users\sherry\My Documents\packing slip.pdf
[2011/06/17 11:43:20 | 000,011,367 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/17 11:37:26 | 000,014,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/16 16:08:31 | 000,160,136 | ---- | M] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | M] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:09:58 | 000,016,980 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/16 10:13:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:06:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:05:15 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/16 10:05:15 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/15 16:02:42 | 000,018,647 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015971 SOORUN.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 17:04:33 | 000,010,803 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016047 POS.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 16:19:01 | 000,012,796 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:11:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/10 16:36:50 | 000,010,704 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | M] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | M] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | M] () -- \\wb01\users\sherry\My Documents\a
[2011/06/08 14:49:28 | 000,026,952 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/08 14:34:34 | 000,014,264 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015900 TUBETECH REVISED.pdf
[2011/06/07 13:19:10 | 000,046,128 | ---- | M] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 11:28:18 | 000,011,753 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016310 HARBIL.pdf
[2011/07/06 10:56:46 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016311 POS.pdf
[2011/07/06 09:51:03 | 000,027,860 | ---- | C] () -- \\wb01\users\sherry\My Documents\PO# 7619383 7619386.pdf
[2011/07/06 09:23:20 | 000,012,121 | ---- | C] () -- \\wb01\users\sherry\My Documents\5186093 062211.pdf
[2011/07/06 09:22:38 | 000,023,360 | ---- | C] () -- \\wb01\users\sherry\My Documents\7606488 61711.pdf
[2011/07/01 15:47:23 | 000,010,574 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:22:00 | 000,357,503 | ---- | C] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/06/30 13:51:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 16:07:26 | 000,011,059 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | C] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | C] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | C] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 10:58:37 | 000,010,592 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | C] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/17 11:43:19 | 000,011,367 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/16 16:08:30 | 000,160,136 | ---- | C] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | C] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:43:49 | 000,017,661 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:36:32 | 000,014,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/10 16:36:50 | 000,010,704 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015987 SIMMONS.pdf
[2011/06/10 15:50:28 | 000,012,796 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/09 16:51:00 | 000,104,555 | ---- | C] () -- \\wb01\users\sherry\My Documents\b.jpg
[2011/06/09 16:50:00 | 000,124,150 | ---- | C] () -- \\wb01\users\sherry\My Documents\a.jpg
[2011/06/09 16:48:00 | 000,309,446 | ---- | C] () -- \\wb01\users\sherry\My Documents\a
[2011/06/09 16:32:14 | 000,016,980 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/08 14:49:28 | 000,026,952 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015902 NINGBO - bath & shower drains& closet flanges-revised.pdf
[2011/06/08 14:39:10 | 000,021,203 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015908 RXIAMEN - Toilet parts-revised.pdf
[2011/06/08 14:37:00 | 000,016,308 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015904 NINGBO - Tubular parts-revised.pdf
[2011/06/08 14:35:51 | 000,017,584 | ---- | C] () -- \\wb01\users\sherry\My Documents\6015905 RXIAMEN - Shower Acces- Revised.pdf
[2011/06/07 13:19:09 | 000,046,128 | ---- | C] () -- \\wb01\users\sherry\My Documents\RE New Product Upload - updates.htm
[2010/02/22 08:56:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/11/06 13:07:36 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/19 12:59:58 | 000,006,565 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\PrimoPDFSet.xml
[2009/02/19 12:48:48 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/12/16 12:21:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8220.ini
[2008/12/16 11:15:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/16 11:15:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/09 13:07:13 | 000,001,318 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/09 12:59:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2008/12/09 12:59:25 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dat
[2007/12/24 14:03:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\modern.exe
[2007/06/18 10:44:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/04/24 14:25:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2006/01/12 16:09:31 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 16:48:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/01/11 16:48:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/01/11 16:48:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/01/11 16:48:53 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/12/07 13:20:11 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/09/23 07:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WESTBRASS.COM&13.xml
[2005/07/08 11:55:49 | 000,016,180 | ---- | C] () -- C:\WINDOWS\lu.dat
[2005/03/01 16:16:19 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2005/01/20 15:38:05 | 000,024,674 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/01/20 15:38:05 | 000,024,672 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2004/11/29 08:58:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/11/22 09:27:41 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2004/09/25 17:41:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:11:25 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EKDJJMJM.ini
[2004/07/07 07:52:44 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/07/06 13:56:31 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2004/06/15 16:28:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/05/27 07:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/23 15:00:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2003/11/06 14:26:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\fusioncache.dat
[2003/09/29 10:44:25 | 000,000,870 | ---- | C] () -- C:\WINDOWS\DKAAA2DD.ini
[2003/09/23 15:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/07/16 18:48:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 12:59:37 | 000,000,944 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/16 12:35:46 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2003/07/10 05:03:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/10 05:02:13 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/10 04:56:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/10 04:56:38 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/07/10 04:56:38 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/10 04:51:52 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/10 04:42:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/10 04:30:56 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 11:51:12 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/09/03 11:51:12 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/09/03 11:42:36 | 000,435,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 11:35:18 | 000,005,707 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 11:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/17 05:24:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
[2002/04/17 05:17:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
[2002/04/17 05:17:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
[2002/04/17 05:16:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
[2002/04/17 05:16:32 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
[2002/04/17 05:15:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
[2002/04/17 05:15:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
[2002/04/17 05:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
[2002/04/17 05:15:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
[2002/04/17 05:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[2002/04/03 13:01:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2011/06/30 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/29 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/27 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/22 08:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/05/30 13:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/14 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/28 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\FileZilla
[2010/02/22 09:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\iolo
[2006/02/10 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Leadertech
[2004/05/28 07:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Lycos
[2009/02/27 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Nitro PDF
[2011/07/06 07:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\PriceGong
[2010/11/10 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\SmartDraw
[2007/07/13 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Snapfish
[2007/03/30 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Softros Messenger
[2005/09/23 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\STOPzilla!
[2010/01/27 09:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Uniblue
[2011/07/06 02:27:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/05 17:30:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/05 17:30:36 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/06/17 08:34:00 | 000,032,147 | ---- | M] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif
[2011/06/17 08:34:00 | 000,032,147 | ---- | C] ()(\\wb01\users\sherry\My Documents\????img-613191745-192168001012-0000000956-1106131917.tif) -- \\wb01\users\sherry\My Documents\法律文书img-613191745-192168001012-0000000956-1106131917.tif

< End of report >

#10
ali.B

Posted 06 July 2011 - 04:34 PM

Trusted Helper

Malware Removal
3,086 posts

hi

download the attached Fix.txt

Run OTL

copy the content of Fix.txt under the Custom Scans/Fixes box

Click Run Fix.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#11
ali.B

Posted 11 July 2011 - 08:42 AM

Trusted Helper

Malware Removal
3,086 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
ali.B

Posted 11 July 2011 - 12:58 PM

Trusted Helper

Malware Removal
3,086 posts

topic reopened per user request

post the logs

#13
ali.B

Posted 11 July 2011 - 01:05 PM

Trusted Helper

Malware Removal
3,086 posts

here is the attached file

Attached Files

Fix.txt 954bytes 197 downloads

#14
Aerator

Posted 11 July 2011 - 02:02 PM

Member

Topic Starter
Member
23 posts

Thanks ali.B

OTL logfile created on: 7/11/2011 12:23:43 PM - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 615.07 Mb Available Physical Memory | 60.18% Memory free
2.91 Gb Paging File | 2.57 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.87 Gb Free Space | 21.16% Space Free | Partition Type: NTFS
Drive I: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive K: | 221.62 Gb Total Space | 111.81 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive R: | 815.33 Gb Total Space | 144.61 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive S: | 815.33 Gb Total Space | 144.61 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive T: | 244.14 Gb Total Space | 234.40 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive U: | 815.33 Gb Total Space | 144.61 Gb Free Space | 17.74% Space Free | Partition Type: NTFS

Computer Name: SHERRY-DESKTOP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
PRC - C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\JfServer.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Central\Bin\PipeMgr.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sherry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll (LogMeIn, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\davclnt.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (JetFormCentral) -- C:\Program Files\Adobe\Central\Control\jfservic.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MpKslf9833efe) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3ECEFE75-7257-436C-AF1B-20615B94FFB4}\MpKslf9833efe.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (HPFXBULK) -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys (Hewlett Packard)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

O1 HOSTS File: ([2005/09/23 15:10:34 | 000,003,821 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 33 more lines...
O2 - BHO: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity Toolbar) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Program Files\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} https://wb01/connect...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233956485360 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://now.abs-cbn.c...EasyInstall.cab (ESPluginInstallProgress Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.25 64.80.125.114 64.80.249.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbrass.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/05 16:51:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/02 05:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[2011/06/30 15:55:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/30 13:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 13:51:19 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 13:51:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/30 13:29:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 12:30:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122UA.job
[2011/07/11 12:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 12:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 02:20:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/10 15:30:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484763869-839522115-1122Core.job
[2011/07/09 04:20:01 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/08 11:52:37 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Crystal Reports XI.lnk
[2011/07/08 08:06:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/08 08:06:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/08 08:05:38 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/08 08:05:37 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 16:13:14 | 000,013,627 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/07/07 16:02:00 | 001,545,301 | ---- | M] () -- \\wb01\users\sherry\My Documents\D308-26_def1.jpg
[2011/07/07 16:02:00 | 001,476,557 | ---- | M] () -- \\wb01\users\sherry\My Documents\D308-26_def2.jpg
[2011/07/07 15:07:40 | 000,011,081 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016313 SIMMONS.pdf
[2011/07/07 15:06:35 | 000,012,469 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016314 XIAMEN TUBETECH.pdf
[2011/07/07 09:11:21 | 000,010,625 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016312 ZURIER.pdf
[2011/07/06 12:19:01 | 000,011,753 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016310 HARBIL.pdf
[2011/07/06 10:56:46 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016311 POS.pdf
[2011/07/06 09:51:03 | 000,027,860 | ---- | M] () -- \\wb01\users\sherry\My Documents\PO# 7619383 7619386.pdf
[2011/07/06 09:23:20 | 000,012,121 | ---- | M] () -- \\wb01\users\sherry\My Documents\5186093 062211.pdf
[2011/07/06 09:22:39 | 000,023,360 | ---- | M] () -- \\wb01\users\sherry\My Documents\7606488 61711.pdf
[2011/07/01 15:51:11 | 000,016,928 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016013 HUOSEN.pdf
[2011/07/01 15:47:23 | 000,010,574 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:22:00 | 000,357,503 | ---- | M] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/06/30 16:20:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sherry\Desktop\OTL.exe
[2011/06/30 15:56:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/30 13:53:53 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 17:33:17 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 17:33:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\sherry\Desktop\Google Chrome.lnk
[2011/06/29 15:19:51 | 000,011,145 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | M] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | M] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | M] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 15:50:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/22 10:58:37 | 000,010,592 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 16:10:50 | 000,017,661 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | M] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/21 08:47:22 | 000,016,537 | ---- | M] () -- \\wb01\users\sherry\My Documents\packing slip.pdf
[2011/06/17 11:43:20 | 000,011,367 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/17 11:37:26 | 000,014,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2011/06/16 16:08:31 | 000,160,136 | ---- | M] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | M] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:09:58 | 000,016,980 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER NINGBO.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/16 10:13:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:06:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:05:15 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/16 10:05:15 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/15 16:02:42 | 000,018,647 | ---- | M] () -- \\wb01\users\sherry\My Documents\6015971 SOORUN.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 17:04:33 | 000,010,803 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016047 POS.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 16:19:01 | 000,012,796 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016118 INNOVALUE.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | M] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | M] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:11:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 \\wb01\users\sherry\My Documents\*.tmp files -> \\wb01\users\sherry\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 16:02:00 | 001,545,301 | ---- | C] () -- \\wb01\users\sherry\My Documents\D308-26_def1.jpg
[2011/07/07 16:02:00 | 001,476,557 | ---- | C] () -- \\wb01\users\sherry\My Documents\D308-26_def2.jpg
[2011/07/07 15:07:40 | 000,011,081 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016313 SIMMONS.pdf
[2011/07/07 15:06:35 | 000,012,469 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016314 XIAMEN TUBETECH.pdf
[2011/07/07 09:11:21 | 000,010,625 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016312 ZURIER.pdf
[2011/07/06 11:28:18 | 000,011,753 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016310 HARBIL.pdf
[2011/07/06 10:56:46 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016311 POS.pdf
[2011/07/06 09:51:03 | 000,027,860 | ---- | C] () -- \\wb01\users\sherry\My Documents\PO# 7619383 7619386.pdf
[2011/07/06 09:23:20 | 000,012,121 | ---- | C] () -- \\wb01\users\sherry\My Documents\5186093 062211.pdf
[2011/07/06 09:22:38 | 000,023,360 | ---- | C] () -- \\wb01\users\sherry\My Documents\7606488 61711.pdf
[2011/07/01 15:47:23 | 000,010,574 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016307 HUOSEN.pdf
[2011/07/01 13:36:09 | 000,010,517 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016306 HYDRO SYSTEMS.pdf
[2011/07/01 08:22:00 | 000,357,503 | ---- | C] () -- \\wb01\users\sherry\My Documents\cable drive handle.jpg
[2011/06/30 13:51:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/30 13:51:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 16:07:26 | 000,013,627 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016287 RUNNER NINGBO.pdf
[2011/06/29 15:19:51 | 000,011,145 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016299 POS _KB.pdf
[2011/06/29 12:56:34 | 000,011,724 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016295.pdf
[2011/06/29 12:29:58 | 000,013,951 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016290 LARSEN.pdf
[2011/06/29 11:01:14 | 000,018,672 | ---- | C] () -- \\wb01\users\sherry\My Documents\YOW SS1 & BELL1 Credit.pdf
[2011/06/29 10:17:07 | 000,009,987 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016291 HYDRO SYSTEMS.pdf
[2011/06/29 08:48:45 | 000,010,540 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016288 POS PUSA.pdf
[2011/06/28 16:25:30 | 000,016,098 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016286 YUHUAN KANGYU.pdf
[2011/06/28 15:45:34 | 000,000,458 | ---- | C] () -- \\wb01\users\sherry\My Documents\Iraj Dardashti.vcf
[2011/06/24 15:21:47 | 000,011,317 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016270 RUNNER - FILTER.pdf
[2011/06/24 13:23:43 | 000,000,301 | ---- | C] () -- \\wb01\users\sherry\My Documents\My Documents.lnk
[2011/06/24 13:18:48 | 000,010,625 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016269 ZURIER.pdf
[2011/06/24 10:19:18 | 000,011,077 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016262 POS.pdf
[2011/06/22 10:58:37 | 000,010,592 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016230 EZ-FLO.pdf
[2011/06/21 11:26:31 | 000,010,783 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIL REVISED.pdf
[2011/06/21 10:44:14 | 000,009,946 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016193 HARBIl.pdf
[2011/06/21 09:56:26 | 000,010,580 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016192 EZFLO.pdf
[2011/06/21 09:07:41 | 000,012,312 | ---- | C] () -- \\wb01\users\sherry\My Documents\81776-000.pdf
[2011/06/17 11:43:19 | 000,011,367 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016139 BERWEN.pdf
[2011/06/16 16:08:30 | 000,160,136 | ---- | C] () -- \\wb01\users\sherry\My Documents\Heelo Claim_Form.pdf
[2011/06/16 16:03:50 | 000,143,854 | ---- | C] () -- \\wb01\users\sherry\My Documents\DHL Claim_Form.pdf
[2011/06/16 15:28:30 | 000,010,531 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016140 SOORUN 798-CAP.pdf
[2011/06/16 15:04:49 | 000,010,032 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016138 HARBIL.pdf
[2011/06/15 16:00:59 | 000,013,298 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016123 SOORUN.pdf
[2011/06/15 15:43:49 | 000,017,661 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016028 RUNNER REVISED.pdf
[2011/06/15 15:21:17 | 000,010,161 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016105 HARBIL.pdf
[2011/06/14 16:48:14 | 000,010,690 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016124 SOORUN DISPOSAL PARTS.pdf
[2011/06/14 15:59:09 | 000,013,888 | ---- | C] () -- \\wb01\users\sherry\My Documents\6016122 KAIPING HEELO.pdf
[2011/06/14 14:29:00 | 000,365,608 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF2.jpg
[2011/06/14 14:28:00 | 000,337,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\D3316-DEF1.JPG
[2011/06/14 12:36:32 | 000,014,782 | ---- | C] () -- \\wb01\users\sherry\My Documents\TOTO RMA.pdf
[2010/02/22 08:56:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/11/06 13:07:36 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/19 12:59:58 | 000,006,565 | ---- | C] () -- C:\Documents and Settings\sherry\Application Data\PrimoPDFSet.xml
[2009/02/19 12:48:48 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/12/16 12:21:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8220.ini
[2008/12/16 11:15:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/16 11:15:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/09 13:07:13 | 000,001,318 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/09 12:59:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2008/12/09 12:59:25 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dat
[2007/12/24 14:03:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\modern.exe
[2007/06/18 10:44:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/04/24 14:25:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2006/01/12 16:09:31 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 16:48:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/01/11 16:48:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/01/11 16:48:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/01/11 16:48:53 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/12/07 13:20:11 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/09/23 07:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WESTBRASS.COM&13.xml
[2005/07/08 11:55:49 | 000,016,180 | ---- | C] () -- C:\WINDOWS\lu.dat
[2005/03/01 16:16:19 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2005/01/20 15:38:05 | 000,024,674 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/01/20 15:38:05 | 000,024,672 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2004/11/29 08:58:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/11/22 09:27:41 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2004/09/25 17:41:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:11:25 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EKDJJMJM.ini
[2004/07/07 07:52:44 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/07/06 13:56:31 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2004/06/15 16:28:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/05/27 07:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/23 15:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/23 15:00:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2003/11/06 14:26:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\sherry\Local Settings\Application Data\fusioncache.dat
[2003/09/29 10:44:25 | 000,000,870 | ---- | C] () -- C:\WINDOWS\DKAAA2DD.ini
[2003/09/23 15:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/07/16 18:48:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 12:59:37 | 000,000,944 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/16 12:35:46 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2003/07/10 05:03:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/10 05:02:13 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/10 04:56:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/10 04:56:38 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/07/10 04:56:38 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/10 04:51:52 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/10 04:42:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/10 04:30:56 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 11:51:12 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/09/03 11:51:12 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/09/03 11:42:36 | 000,435,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 11:35:18 | 000,005,707 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 11:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/17 05:24:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
[2002/04/17 05:17:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
[2002/04/17 05:17:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
[2002/04/17 05:16:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
[2002/04/17 05:16:32 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
[2002/04/17 05:15:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
[2002/04/17 05:15:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
[2002/04/17 05:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
[2002/04/17 05:15:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
[2002/04/17 05:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[2002/04/03 13:01:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2011/06/30 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/29 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/27 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/22 08:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/05/30 13:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/14 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/28 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\FileZilla
[2010/02/22 09:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\iolo
[2006/02/10 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Leadertech
[2004/05/28 07:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Lycos
[2009/02/27 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Nitro PDF
[2011/07/06 07:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\PriceGong
[2010/11/10 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\SmartDraw
[2007/07/13 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Snapfish
[2007/03/30 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Softros Messenger
[2005/09/23 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\STOPzilla!
[2010/01/27 09:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sherry\Application Data\Uniblue
[2011/07/11 02:20:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/08 08:06:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/09 04:20:01 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

< End of report >

#15
ali.B

Posted 11 July 2011 - 02:34 PM

Trusted Helper

Malware Removal
3,086 posts

hi

Congratulations your logs appear clean

Reset and Re-enable your System Restore

Open OTL
Under the Custom Scans/Fixes box at the bottom, paste the following:
```
:Commands
[clearallrestorepoints]
[createrestorepoint]
```
Click the Run Fix button at the top
It might ask you to reboot, if so click YES

NEXT

Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
Click on the CleanUp button.
Click Yes to begin the cleanup process and remove tools, including this application
You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

Keep Your windows up to date by regularly checking their website at:
http://windowsupdate.microsoft.com/
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
Click Here to learn how to keep a backup of your important files
FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.