As per the NEW INSTRUCTIONS from Virus/Trojan/Spyware Removal Help from techsupportforum
DDS (Ver_09-12-01.01) - NTFSx86
Run by Trever Good at 16:50:38.67 on Mon 01/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1677 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Trever Good\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636
f6d2f
uStart Page =
https://www6.glic.com/gol/homepage/login.aspxuInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://www6.glic.com/gol/Virtual%20University/cab/awswaxm.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.glic.com/gol/common/scripts/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} - hxxps://www6.glic.com/gol/Common/Scripts/GuardianDownload.CAB
DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} - hxxps://www6.glic.com/gol/GuardianHelp/Scripts/ctlDownloadHelp_2.CAB
DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} - hxxps://www6.glic.com/gol/GuardianHelp/scripts/ctlshowHelp_3.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://www6.glic.com/srvlw1/iNotes6W.cab
DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} - hxxps://www6.glic.com/gol/Common/Cabs/ctlCommonControls.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdash2/DinerDash2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} - hxxps://www6.glic.com/gol/Common/Cabs/GDL_VbRuntime.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdashfloonthego/DinerDashFloGo.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} - hxxp://www.shockwave.com/content/thwartpoker/sis/OrbitalLauncher-2.0.15.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\trever~1\applic~1\mozilla\firefox\profiles\71xjct53.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.weather.com/weather/local/17569?lswe=17569&lwsa=WeatherLocalUndeclared&from=searchbox|http://sections.lancasteronline.com/local/1/9
FF - prefs.js: keyword.URL - hxxp://www.ffsearching.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.ffsearching.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-21 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-21 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-21 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-21 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-21 285392]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2003-10-14 34712]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\documents and settings\trever good\desktop\f-downadup\fsbldrv.sys --> c:\documents and settings\trever good\desktop\f-downadup\fsbldrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-16 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11b.tmp --> c:\windows\system32\11B.tmp [?]
=============== Created Last 30 ================
2010-01-25 21:31:31 0 d-----w- c:\docume~1\trever~1\applic~1\Zen Puzzle Garden
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\yoclient
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\Wildfire
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\ViquaSoft
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\Valusoft
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\URSE Games
2010-01-25 21:31:25 0 d-----w- c:\docume~1\trever~1\applic~1\Uniblue
2010-01-25 21:31:20 0 d-----w- c:\docume~1\trever~1\applic~1\TomTom
2010-01-25 21:31:11 0 d-----w- c:\docume~1\trever~1\applic~1\Super-Cow
2010-01-25 21:30:35 0 d-----w- c:\docume~1\trever~1\applic~1\Simple Star
2010-01-25 21:30:31 0 d-----w- c:\docume~1\trever~1\applic~1\Raptisoft
2010-01-25 21:30:19 0 d-----w- c:\docume~1\trever~1\applic~1\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
2010-01-25 21:30:19 0 d-----w- c:\docume~1\trever~1\applic~1\Pogo Games
2010-01-25 21:30:16 0 d-----w- c:\docume~1\trever~1\applic~1\PDF reDirect
2010-01-25 21:30:16 0 d-----w- c:\docume~1\trever~1\applic~1\PCF-VLC
2010-01-25 21:30:16 0 d-----w- c:\docume~1\trever~1\applic~1\PC-FAX TX
2010-01-25 21:29:55 0 d-----w- c:\docume~1\trever~1\applic~1\Participatory Culture Foundation
2010-01-25 21:29:47 0 d-----w- c:\docume~1\trever~1\applic~1\OpenOffice.org
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\Ludia
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\Kontiki
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\Jane s Hotel
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\iWinArcade
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\iWin_DressUpRush
2010-01-25 21:29:46 0 d-----w- c:\docume~1\trever~1\applic~1\Intuit
2010-01-25 21:29:41 0 d-----w- c:\docume~1\trever~1\applic~1\Home Sweet Home
2010-01-25 21:29:30 0 d-----w- c:\docume~1\trever~1\applic~1\Gamelab
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\GameInvest
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\Gaijin Ent
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\funkitron
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\Free Sound Recorder
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\FlowPlay
2010-01-25 21:29:29 0 d-----w- c:\docume~1\trever~1\applic~1\EleFun Games
2010-01-25 21:29:20 0 d-----w- c:\docume~1\trever~1\applic~1\Digital Album Organizer
2010-01-25 21:29:17 0 d-----w- c:\docume~1\trever~1\applic~1\CoffeeCup Software
2010-01-25 21:29:17 0 d-----w- c:\docume~1\trever~1\applic~1\Boolat Games
2010-01-25 21:27:35 0 d-----w- c:\docume~1\trever~1\applic~1\bang
2010-01-25 21:27:34 0 d-----w- c:\docume~1\trever~1\applic~1\Alawar
2010-01-25 21:27:34 0 d-----w- c:\docume~1\trever~1\applic~1\AlauxSoft
2010-01-25 21:26:20 146 ----a-w- c:\docume~1\trever~1\applic~1\_$_hpcst$_.hpc.zip
2010-01-25 21:26:12 5632 ----a-w- c:\documents and settings\trever good\Thumbs.db
2010-01-25 21:26:12 4 ----a-w- c:\documents and settings\trever good\win_rhtdo53x4
2010-01-25 21:26:12 30 ----a-w- c:\documents and settings\trever good\jagex_runescape_preferences.dat
2010-01-25 21:26:12 187749 ----a-w- c:\documents and settings\trever good\~
2010-01-25 21:26:12 0 d-----w- c:\documents and settings\trever good\.housecall6.6
2010-01-25 21:26:11 125 ----a-w- c:\documents and settings\trever good\BritannicaReadyReferencePrefs
2010-01-25 21:21:27 0 d-----w- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2010-01-25 21:21:26 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-25 21:21:26 0 d-----w- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2010-01-25 21:21:25 0 d-----w- c:\docume~1\alluse~1\applic~1\VirtualFarm
2010-01-25 21:21:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint
2010-01-25 21:21:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-01-25 21:21:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-25 21:21:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Corporation
2010-01-25 21:21:18 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2010-01-25 21:21:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Sandlot Games
2010-01-25 21:21:17 0 d-----w- c:\docume~1\alluse~1\applic~1\PlayPond
2010-01-25 21:21:16 0 d-----w- c:\docume~1\alluse~1\applic~1\NeoEdge Networks
2010-01-25 21:21:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Napster
2010-01-25 21:21:15 0 d-----w- c:\docume~1\alluse~1\applic~1\JollyBear
2010-01-25 21:21:14 0 d-----w- c:\docume~1\alluse~1\applic~1\iWin Games
2010-01-25 21:20:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-01-25 21:20:05 0 d-----w- c:\docume~1\alluse~1\applic~1\HipSoft
2010-01-25 21:19:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Grisoft
2010-01-25 21:19:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Gogii
2010-01-25 21:19:56 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2010-01-25 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Fugazo
2010-01-25 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\FreshGames
2010-01-25 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\FarmFrenzy2
2010-01-25 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
2010-01-25 21:19:44 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-01-25 21:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother
2010-01-25 21:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Awem
2010-01-25 21:19:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-01-25 21:18:34 32 ----a-w- c:\documents and settings\all users\hash.dat
2010-01-25 21:18:34 0 d-----w- c:\docume~1\alluse~1\applic~1\3 Blokes Studios
2010-01-25 16:05:26 0 d-----w- c:\docume~1\trever~1\applic~1\Malwarebytes
2010-01-25 16:05:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 14:57:55 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-25 11:43:12 178 ----a-w- c:\documents and settings\trever good\ntuser.ini
2010-01-25 11:14:30 0 d-----w- c:\docume~1\trever~1\applic~1\SUPERAntiSpyware.com
2010-01-25 11:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-23 20:37:02 0 d-sha-r- C:\cmdcons
2010-01-23 20:35:09 77312 ----a-w- c:\windows\MBR.exe
2010-01-23 20:35:09 261632 ----a-w- c:\windows\PEV.exe
2010-01-23 20:35:08 98816 ----a-w- c:\windows\sed.exe
2010-01-23 20:35:08 161792 ----a-w- c:\windows\SWREG.exe
2010-01-22 02:41:02 0 d-----w- C:\$AVG
2010-01-22 02:40:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-22 02:40:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-22 02:40:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-22 02:40:05 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-22 02:39:12 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-22 02:38:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-22 02:38:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 12:29:53 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 16:13:24 0 d-----w- c:\windows\system32\Runningman
2010-01-09 16:13:24 0 d-----w- c:\program files\Runningman
==================== Find3M ====================
2010-01-22 03:40:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-11-16 12:13:51 109016 -c--a-w- c:\docume~1\trever~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-13 16:27:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat
============= FINISH: 16:51:59.12 ===============
[Saving space, attachment deleted by admin]