Please help!

Wed 4 Oct 2006 26,112 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
 
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
 
"C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"

Finished!
 
and here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:11 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13982 bytes
 
Do you know anything about these folders ?
C:\F\F\F
They seem so go back a long time if the dates are correct.

Do you have the IE tab addon for Firefox ? if yes, then use Kaspersky with that.
 
Last edited:
No, I've been having to search for files and finding multiple versions of them with up to ten "F"'s in front of the filename and don't know why. That's been going on for a few months now though. I think I got this laptop last April so it may have even started that far back.
 
I did get IE to work, but the Kaspersky won't run because I have a symantec scan installed and it won't let me remove that.
 
Upload a File
Download suspicious file packer from here

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\\DeadAIM.ocm
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\drivers\etFilter.sys
C:\WINDOWS\system32\etVFW.dll

Go to spykiller

Please start a new threadand give a the following information
  • Name:-- Your name
  • E-mail:-- Your E-mail (this is confidential and will not be displayed)
  • Subject:-- O4 infected files ? for Katana/Mosaic
In the main text window please put the following link
Code: 
http://forums.spybot.info/showthread.php?p=149870#post149870
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files
 
Thanks, we think we may have found the problem.
please can we have some more ??

Run suspicious file packer again, and paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\users32.dat

Go to spykiller

Please start a new threadand give a the following information
  • Name:-- Your name
  • E-mail:-- Your E-mail (this is confidential and will not be displayed)
  • Subject:-- Katana/Mosaic full set
In the main text window please put the following link
Code: 
http://forums.spybot.info/showthread.php?p=149870#post149870
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files[/QUOTE]

============================================================================================

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    http://forums.spybot.info/showthread.php?p=149870#post149870
Comment:: Katana/Mosaic
Collect::[4]
C:\WINDOWS\system32\users32.dat

Suspect::[4]
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
  • Save this as CFScript.txt and place it on your desktop.


    CFScript.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
  • A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.
  • Click OK and follow the instructions to submit the file.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
 
ok, I got the kaspersky scan to run and here is the report from that. I'm running the new CF scan now.

Thursday, January 03, 2008 9:03:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/01/2008
Kaspersky Anti-Virus database records: 502255
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
 
Scan Statistics
Total number of scanned objects 80755
Number of viruses found 11
Number of infected objects 50
Number of suspicious objects 0
Duration of the scan process 01:07:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA80000\4FACFD9E.VBN Infected: Trojan-PSW.Win32.OnLineGames.fwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400001\57496114.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400002\57496257.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400003\5749685B.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400004\57496DF6.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400005\574973D2.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400006\574979B6.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400007\57497F8A.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400008\57498565.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400009\57498B45.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000A\5749911F.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000B\574996FB.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000C\57499CD7.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000D\5749A2B4.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000E\5749A896.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000F\5749AE79.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400010\5749B453.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400011\5749BA22.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400012\5749BFFE.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400013\5749C617.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400014\5749CC13.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400015\5749D1B8.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400016\5749D793.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400017\5749DD50.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400018\5749E32C.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400019\5749E91D.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540001A\5749F16E.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540001B\5749F855.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15AC0000\57FF5224.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17600003\5772E94C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17600004\57786110.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Aim\biogurl06\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Aim\biogurl06\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2008-01-03_17_02].cab/C:/WINDOWS/system32/users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2008-01-03_17_02].cab CAB: infected - 1 skipped
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Pop3.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\ruexchange.radford.edu - Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Smtp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
 
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\NAILogs\UpdaterUI_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_ce0.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\History\History.IE5\MSHist012008010320080104\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Downloads\TheGameOfLife-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0092NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0332NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\install.exe.vir Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\suspend.exe.vir Infected: Trojan-Downloader.Win32.Wixud.n skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP205\A0011814.exe Infected: Trojan-Downloader.Win32.Small.hcc skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP205\A0011958.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP241\A0013389.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP243\A0013485.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0014485.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0014524.exe Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0016532.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0016557.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP245\A0016688.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP246\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP249\A0018816.exe Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP249\A0018818.exe Infected: Trojan-Downloader.Win32.Wixud.n skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP252\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6F70F626-E1E9-4C15-B211-B0BCD6B6EAF4}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETDD50.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
ComboFix 07-12-31.4 - Owner 2008-01-03 21:20:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.420 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript2.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\users32.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 14:18 . 2008-01-03 14:18 <DIR> d-------- C:\KAV
2008-01-02 10:51 . 2008-01-02 10:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 09:46 . 2008-01-02 09:46 <DIR> d-------- C:\Deckard
2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-20 18:38 . 2007-12-20 18:38 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 02:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-04 02:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:20 --------- d-----w C:\Program Files\Apoint
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 21:57 8,477 ----a-w C:\WINDOWS\system32\ksvcl.dll
2007-12-31 21:57 26,120 ----a-w C:\WINDOWS\system32\kcopt.dll
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-02 15:51:54 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:55 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-02 15:51:30 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:30 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-02 16:35:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 15:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 17:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-30 17:36 8720384 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2008-01-01 18:19 1065800 --a------ C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 21:26:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 21:31:10
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 02:31:06
C:\qoobox\ComboFix2.txt 2008-01-02 13:11:42
C:\qoobox\ComboFix3.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---
 
Thank you very much for your prompt cooperation :D:

I am going to remove some programs from startup as they have been infected, I will give you details of some that you will need to reinstall before we finish.

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    http://forums.spybot.info/showthread.php?p=150701#post150701

Comment:: Katana

Suspect::[4]
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\kcopt.dll

File::
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\kcopt.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=-
"SonyPowerCfg"=-
"ISBMgr.exe"=-
"Switcher.exe"=-
"igfxpers"=-
"McAfeeUpdaterUI"=-
"VAIO Update 3"=-
"vptray"=-
"ccApp"=-
"VAIOCameraUtility"=-
"SunJavaUpdateSched"=-
"igfxtray"=-
"Apoint"=-
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=-
  • Save this as CFScript.txt and place it on your desktop.


    CFScript.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
  • A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.
  • Click OK and follow the instructions to submit the file.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now we would like some more files from you please.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it reglook.bat Please save it on your desktop.

reg save HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep C:\beep.hiv

regedit /e /a C:\beep.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
del /q reglook.bat
exit
Click to expand...
Double click on reglook.bat

A window will open, and then close on it's own. When it has closed please continue with the following instructions.


Upload a File
Open suspicious file packer again and paste in the list of files below, then press next
C:\beep.hiv
C:\beep.txt

Go to spykiller

Please start a new thread and give the following information
  • Name:-- Your name
  • E-mail:-- Your E-mail (this is confidential and will not be displayed)
  • Subject:-- Reglook for Cretemonster
In the main text window please put the following link
http://forums.spybot.info/showthread.php?p=150701#post150701
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.
 
ComboFix 07-12-31.4 - Owner 2008-01-05 2:56:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript3.txt
* Created a new restore point

FILE
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 14:18 . 2008-01-03 14:18 <DIR> d-------- C:\KAV
2008-01-02 10:51 . 2008-01-02 10:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 09:46 . 2008-01-02 09:46 <DIR> d-------- C:\Deckard
2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-20 18:38 . 2007-12-20 18:38 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 04:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-04 02:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:20 --------- d-----w C:\Program Files\Apoint
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-02 15:51:54 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:55 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-02 15:51:30 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:30 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-02 16:35:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 15:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 17:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-30 17:36 8720384 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2008-01-01 18:19 1065800 --a------ C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 03:01:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 3:06:46
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-05 08:06:43
C:\qoobox\ComboFix2.txt 2008-01-04 02:31:11
C:\qoobox\ComboFix3.txt 2008-01-02 13:11:42
C:\qoobox\ComboFix4.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---
 
You need to uninstall the following and reinstall them from a fresh download.

McAfee
Symantec
(You only want to install one of the above, but you need to uninstall both.

Google uninstall all programs and reinstall.

Java Runtime Environment (JRE) 6u3

find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat Please save it on your desktop.

@echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
dir /a "hkcmd.exe >> C:\look.txt
dir /a "SPMgr.exe" >> C:\look1.txt
dir /a "ISBMgr.exe" >> C:\look2.txt
dir /a "Switcher.exe" >> C:\look3.txt
dir /a "igfxpers.exe" >> C:\look4.txt
dir /a "VAIOUpdt.exe" >> C:\look5.txt
dir /a "VCUServe.exe >> C:\look6.txt
dir /a "igfxtray.exe >> C:\look7.txt
dir /a "Apoint.exe >> C:\look8.txt
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt
Click to expand...

Double click findfiles.bat. Notepad will open, copy and paste the contents in your reply.
 
Remove McAfee

Please click HERE and follow the instructions to download and run the Mcafee removal tool

Remove Norton

Please click HERE and follow the instructions to download and run the norton removal tool
 
ok, I got McAfee removed, but the Norton removal tool says I have to remove it through Add/Remove Programs before I can use that removal tool. When I go to Add/Remove Programs it lists it there but doesn't give me a Remove option.
 
You must log in or register to reply here.
Back
Top