Some malware to remove and unknown profiles found.



rushenee
2008-08-21, 15:19
I have 3 profiles in my Internet Explorer group (listed by group on the quarantine page) that I cannot identify. They appeared when I used the quarantine process. I think other people are using my computer without my knowledge. There are also a couple of suspect entries that I'd like to remove from my registry. Please let me know what else I can provide. My HijackThis file and my Spybot file are included. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:49 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\hh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\Program Files\Microsoft Works\WksSS.exe
c:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25088DC1-7708-4FD3-8EF6-05D2EF7BFCB2} - C:\WINDOWS\addins\actrul.dll (file missing)
O2 - BHO: (no name) - {48ECB5DA-5EBC-4513-91AA-1E9D83048BFD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Asovifa] "C:\Documents and Settings\Jenn\Application Data\??sembly\ntvdm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Recycler\S-1-5-~4\Dc3.com\INSTAL~1\bin\SCREEN~1.SH! C:\Recycler\S-1-5-~4\Dc3.com\INSTAL~1\bin.SH! C:\Recycler\S-1-5-~4\Dc3.com\INSTAL~1.SH! C:\Recycler\S-1-5-~4\Dc3.SH! C:\Recycler\S-1-5-~4\Dc2\WinAV.SH! C:\Recycler\S-1-5-~4\Dc2\WAV6COM.SH! C:\Recycler\S-1-5-~4\Dc2\rpt.SH! C:\Recycler\S-1-5-~4\Dc2\avkernel.SH! C:\Recycler\S-1-5-~4\Dc2.SH! C:\Recycler\S-1-5-~4\Dc1\WapCHK.SH! C:\Recycler\S-1-5-~4\Dc1.SH! C:\DOCUME~1\mom\LOCALS~1\Temp\TEMP~1.SH!
O4 - HKUS\S-1-5-21-2422301013-1056591496-1896090915-1013\..\Policies\Explorer\Run: [{546D0D5F-0834-1033-0209-040804030001}] "C:\Program Files\Common Files\{546D0D5F-0834-1033-0209-040804030001}\Update.exe" mc-110-12-0000272 (User 'Jenn')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O20 - Winlogon Notify: winqne32 - winqne32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10568 bytes

--------------------------------------------------------------------------

Hint of the Day: Click the bar at the right of this to see more information! ()


HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Google Toolbar: [SBI $90AAEEF1] Recent search list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Google\NavClient\1.1\History

Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (25 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $D5C3373A] AutoComplete data (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Internet Explorer\IntelliForms\SPW

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E9FF5346] Recent URL list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\MediaPlayer\Player\RecentURLList

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $D8642806] Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: [SBI $3B9B7B9A] Last CD record path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath

MS Media Player: [SBI $3B46EBCE] Manually modified tags history (43 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: [SBI $3B46EBCE] Manually modified tags history (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 11.0 (Cliparts): [SBI $D2A56AFD] Last search made (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query

MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\MSPaper 11.0\Persist File Name

MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\MSPaper 11.0\Persist File Name

MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\MSPaper 11.0\Persist File Name

MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\MSPaper 11.0\Recent File List

MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\MSPaper 11.0\Recent File List

MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\MSPaper 11.0\Recent File List

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Excel): [SBI $397BF56C] Recent template list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Office\11.0\Excel\Recent Templates

MS Office 11.0 (Outlook): [SBI $51367364] Typed search term history (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Office\11.0\Outlook\Office Finder

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (PowerPoint): [SBI $45221EA4] Recent template list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\PowerPoint\Recent Templates

MS Office 11.0 (PowerPoint): [SBI $C04A11CB] Recent template list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\PowerPoint\RecentTemplateList

MS Office 11.0 (Publisher): [SBI $52D0C0B4] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\Publisher\Recent File List

MS Office 11.0 (Word): [SBI $B20A0DE3] Agenda wizard details (21 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Office\11.0\Word\Wizards\Agenda Wizard

MS Frontpage: [SBI $852712DF] Recent web list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List

MS Frontpage: [SBI $852712DF] Recent web list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List

MS Frontpage: [SBI $A45AF00A] Recent page list (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List

MS Frontpage: [SBI $A45AF00A] Recent page list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List

MS Frontpage: [SBI $7E259C81] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List

MS Frontpage: [SBI $7E259C81] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List

MS Frontpage: [SBI $C59EB1BF] Navigation history (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\FrontPage\Explorer\Navigation\MRUList

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F6D91293] Open with list - .AI extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: [SBI $50F69B2B] Open with list - .AU extension (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (11 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (10 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (103 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (106 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $7308A845] Run history (27 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $7308A845] Run history (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $7308A845] Run history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (49 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (22 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (27 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (19 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (13 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (41 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (1460 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (347 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (55 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (26 files) (Registry key, nothing done)
HKEY_USERS\PE_C_JENN\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (21 files) (Registry key, nothing done)
HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (17) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (289) (Cache, nothing done)


History: [SBI $49804B54] History (6) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (783) (Cookie, nothing done)


Cookie: [SBI $49804B54] Cookie (805) (Cookie, nothing done)


Cookie: [SBI $49804B54] Cookie (13) (Cookie, nothing done)


Cookie: [SBI $49804B54] Cookie (936) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

2008-08-14 blindman.exe (1.0.0.8)
2008-08-14 SDFiles.exe (1.6.0.4)
2008-08-14 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2008-08-14 SDUpdate.exe (1.6.0.9)
2008-08-14 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-08-20 unins000.exe (51.49.0.0)
2008-08-14 Update.exe (1.6.0.7)
2008-08-14 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-08-14 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-08-14 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi
2008-08-19 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-08-05 Includes\DialerC.sbi
2008-07-22 Includes\HeavyDuty.sbi
2008-08-19 Includes\Hijackers.sbi
2008-08-19 Includes\HijackersC.sbi
2008-08-05 Includes\Keyloggers.sbi (*)
2008-08-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-08-19 Includes\Malware.sbi
2008-08-19 Includes\MalwareC.sbi
2008-08-05 Includes\PUPS.sbi
2008-08-19 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi (*)
2008-08-19 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-08-11 Includes\Spyware.sbi
2008-08-11 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti (*)
2008-08-05 Includes\Trojans.sbi (*)
2008-08-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
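
Added example, not part of the original post or of HijackThis or Spybot: a small Python triage script run over lines copied from the two logs above. It flags the HijackThis entries a helper would normally ask about before anything is removed, and it explains the HKEY_USERS hive names that appear in the Spybot log, since several of them (.DEFAULT, S-1-5-18, S-1-5-20, the S-1-5-21-...-500 account) are Windows' own built-in profiles rather than additional people. The list of system binary names and the labelling of non-SID hive names as scanner-loaded user profiles are assumptions.

```python
"""Triage helpers for the two logs posted above.

Added example, not part of the original post or of HijackThis/Spybot.
It flags HijackThis entries that need a closer look and explains which
HKEY_USERS hives in the Spybot log are real people.
"""
import re

# A few HijackThis lines copied from the log above (sample input).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25088DC1-7708-4FD3-8EF6-05D2EF7BFCB2} - C:\WINDOWS\addins\actrul.dll (file missing)
O2 - BHO: (no name) - {48ECB5DA-5EBC-4513-91AA-1E9D83048BFD} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Asovifa] "C:\Documents and Settings\Jenn\Application Data\??sembly\ntvdm.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: winqne32 - winqne32.dll (file missing)
"""

# Windows binaries that live under %WINDIR%; the same file name inside a
# user profile is a classic masquerade (assumed list, extend as needed).
SYSTEM_BINARIES = {"ntvdm.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                   "lsass.exe", "services.exe", "explorer.exe"}

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def triage_hjt_line(line):
    """Return (level, reason) for one HijackThis line, or None.

    'review'  = a helper should identify this before anything is removed
    'cleanup' = orphan entry whose file is gone; harmless but untidy
    """
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    orphan = "(file missing)" in body or "(no file)" in body
    if sec == "O20":
        # Winlogon Notify DLLs are loaded by winlogon.exe at logon, so an
        # unknown or missing one is a persistence leftover worth checking.
        return ("review", "Winlogon Notify DLL" + (" (file missing)" if orphan else ""))
    if sec == "O10":
        return ("review", "Winsock LSP the tool could not identify")
    if sec == "O4":
        # Text after "[name] " is the command line; drop surrounding quotes.
        path = body.split("] ", 1)[-1].strip().strip('"')
        exe = path.split("\\")[-1].split(" ")[0].lower()
        if exe in SYSTEM_BINARIES and not path.lower().startswith("c:\\windows"):
            return ("review", f"system binary name {exe} launched from outside %WINDIR%")
        if "?" in path:
            return ("review", "autorun path contains unprintable characters")
    if orphan:
        return ("cleanup", "entry points at a file that no longer exists")
    return None


def triage_hjt(log_text):
    """Triage a whole HijackThis log -> [(level, section, reason, line)]."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = triage_hjt_line(line)
        if hit:
            findings.append((hit[0], line.split(" ", 1)[0], hit[1], line))
    return findings


# Registry paths copied from the Spybot log above (sample input).
SPYBOT_SAMPLE = r"""
HKEY_USERS\PE_C_GUESTIES LD\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\PE_C_JENN\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\PE_C_MOM\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\S-1-5-21-2422301013-1056591496-1896090915-500\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
"""

HIVE_RE = re.compile(r"HKEY_USERS\\([^\\]+)\\")

# Well-known hives that every XP machine has; none of them is a person.
WELL_KNOWN_HIVES = {
    ".DEFAULT": "default profile used before anyone logs on",
    "S-1-5-18": "LocalSystem service account",
    "S-1-5-19": "LocalService service account",
    "S-1-5-20": "NetworkService service account",
}


def classify_hive(name):
    """Say what an HKEY_USERS hive name represents."""
    if name in WELL_KNOWN_HIVES:
        return WELL_KNOWN_HIVES[name]
    if name.startswith("S-1-5-21-") and name.endswith("-500"):
        return "built-in Administrator account (RID 500)"
    if name.startswith("S-1-5-21-"):
        return "ordinary user account, identified by SID"
    # Assumption: non-SID names are profiles the scanner loaded by user name.
    return "user profile loaded by the scanner under the user's name"


def profiles_from_spybot(log_text):
    """Map every distinct HKEY_USERS hive in a Spybot log to what it is."""
    return {h: classify_hive(h) for h in sorted(set(HIVE_RE.findall(log_text)))}


if __name__ == "__main__":
    for level, sec, reason, line in triage_hjt(HJT_SAMPLE):
        print(f"[{level:7}] {sec}: {reason}\n          {line}")
    for hive, what in profiles_from_spybot(SPYBOT_SAMPLE).items():
        print(f"{hive:48} -> {what}")
```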

shelf life
2008-08-24, 15:32
Hi rushenee,

We will use ComboFix first:

Download combofix from one of these links and save it to your Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the ComboFix log and a new HJT log.